urelas | 949be27d8526791eb6e3f51e74c55f5fe11383fdd44839c2c9ce60dfcaf4eba1 | Triage

Sharing

General

Target

949be27d8526791eb6e3f51e74c55f5fe11383fdd44839c2c9ce60dfcaf4eba1
Size

73KB
Sample

240705-aswagaxfqj
MD5

6d04c0852fa500930fe23a8e314f842a
SHA1

730247eb7adf5bdb97321ee307fa2a413789f026
SHA256

949be27d8526791eb6e3f51e74c55f5fe11383fdd44839c2c9ce60dfcaf4eba1
SHA512

7fe187845c7a3fd73a32b6b107d14fac41da4d7355fb5bb6b8477e0470896c20fd1eb1621e1f4a663cf52d1b9d2662d4b305ee052de37fc1f00ca193189f37f0
SSDEEP

1536:JgajdM0t2hl9ET9xBOz3BODtysTHFQJmGh/t0h:X32h7yxBGmtHQUGhF4

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

218.54.28.139

Targets

- Target
  
  949be27d8526791eb6e3f51e74c55f5fe11383fdd44839c2c9ce60dfcaf4eba1
- Size
  
  73KB
- MD5
  
  6d04c0852fa500930fe23a8e314f842a
- SHA1
  
  730247eb7adf5bdb97321ee307fa2a413789f026
- SHA256
  
  949be27d8526791eb6e3f51e74c55f5fe11383fdd44839c2c9ce60dfcaf4eba1
- SHA512
  
  7fe187845c7a3fd73a32b6b107d14fac41da4d7355fb5bb6b8477e0470896c20fd1eb1621e1f4a663cf52d1b9d2662d4b305ee052de37fc1f00ca193189f37f0
- SSDEEP
  
  1536:JgajdM0t2hl9ET9xBOz3BODtysTHFQJmGh/t0h:X32h7yxBGmtHQUGhF4
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2