urelas | f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb | Triage

Submit
Reports

Overview

overview

Static

static

f03535ae3b...bb.exe

windows7-x64

f03535ae3b...bb.exe

windows10-2004-x64

Sharing

General

Target

f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb
Size

93KB
Sample

240617-ef443ashlh
MD5

3e2d1f232c5a6ba7c01b891716e9c4bb
SHA1

61d535cce9c81f45a1ef54e9323fc3be2fa899e3
SHA256

f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb
SHA512

0c7e3e619d1a4b8bd29bafbf885a2428efabb73c072dddae86c9463b80699380b4febfa8e007f3f6f48cba3db63ac2b6064c1a6f3c4e2402ffa0fbf5c6e1b05a
SSDEEP

768:54pt1NSf7M9Syk+IAnTjwm41tYhZV6pudcMiDh7FOaRb8RC1J3AFLT7Dm3UIn4U+:OVNSf7hyk+I6412V6PMqAax80XAFSrRo

Score

10^/10

urelas trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb.exe

Resource

win7-20231129-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb.exe

Resource

win10v2004-20240611-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

- Target
  
  f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb
- Size
  
  93KB
- MD5
  
  3e2d1f232c5a6ba7c01b891716e9c4bb
- SHA1
  
  61d535cce9c81f45a1ef54e9323fc3be2fa899e3
- SHA256
  
  f03535ae3becd1dd0b531f945b5667579a3a28ed97c779c83c480118bb6f0abb
- SHA512
  
  0c7e3e619d1a4b8bd29bafbf885a2428efabb73c072dddae86c9463b80699380b4febfa8e007f3f6f48cba3db63ac2b6064c1a6f3c4e2402ffa0fbf5c6e1b05a
- SSDEEP
  
  768:54pt1NSf7M9Syk+IAnTjwm41tYhZV6pudcMiDh7FOaRb8RC1J3AFLT7Dm3UIn4U+:OVNSf7hyk+I6412V6PMqAax80XAFSrRo
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Detects executables built or packed with MPress PE compressor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy