urelas | 4e39c471e5492d6638512895dcf9541c316de1a2d9d6f398ba987bcb7b839bc4 | Triage

Sharing

General

Target

4e39c471e5492d6638512895dcf9541c316de1a2d9d6f398ba987bcb7b839bc4
Size

141KB
Sample

240704-1dc4fssdph
MD5

d2afda33b0fb55ab17dc94e112cb34d5
SHA1

46a530e14c5d95545ee6dc90acfd20e00ba76c16
SHA256

4e39c471e5492d6638512895dcf9541c316de1a2d9d6f398ba987bcb7b839bc4
SHA512

02ddd0e94b6213552863511a9d5fc7ef06211a93ff78383d6025087e487ab0b4e993f8606127afc67b1c1ec725239297331db4fa244985382051f156d5dd299b
SSDEEP

3072:7D8wMT6/JO6SaqLRuNw8niD0LdkD85eL/V:vMT6o6xO8ioGw5eL/V

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  4e39c471e5492d6638512895dcf9541c316de1a2d9d6f398ba987bcb7b839bc4
- Size
  
  141KB
- MD5
  
  d2afda33b0fb55ab17dc94e112cb34d5
- SHA1
  
  46a530e14c5d95545ee6dc90acfd20e00ba76c16
- SHA256
  
  4e39c471e5492d6638512895dcf9541c316de1a2d9d6f398ba987bcb7b839bc4
- SHA512
  
  02ddd0e94b6213552863511a9d5fc7ef06211a93ff78383d6025087e487ab0b4e993f8606127afc67b1c1ec725239297331db4fa244985382051f156d5dd299b
- SSDEEP
  
  3072:7D8wMT6/JO6SaqLRuNw8niD0LdkD85eL/V:vMT6o6xO8ioGw5eL/V
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2