urelas | 5eab0cfa0f6c916740515e4ea6389ca0a55c1108c993532143e962d1f289c122 | Triage

Sharing

General

Target

815c519c72a50051d4cebaff3f4d2810N.exe
Size

56KB
Sample

240716-g81cpa1hng
MD5

815c519c72a50051d4cebaff3f4d2810
SHA1

bdb780f001c05599f825776d62e54d5c6c38fd91
SHA256

5eab0cfa0f6c916740515e4ea6389ca0a55c1108c993532143e962d1f289c122
SHA512

eb72003d8ee4fbc469a8a735af81317721dfe96a4dc67f2b5c6f1b4c1c24870d2581aaee3c2641495969ad699a66b8235dcb1a356099e5c39ef5a8c7c158b86d
SSDEEP

1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS88k:MOemdTd1o74qlmbbJ+x+Ik6k

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  815c519c72a50051d4cebaff3f4d2810N.exe
- Size
  
  56KB
- MD5
  
  815c519c72a50051d4cebaff3f4d2810
- SHA1
  
  bdb780f001c05599f825776d62e54d5c6c38fd91
- SHA256
  
  5eab0cfa0f6c916740515e4ea6389ca0a55c1108c993532143e962d1f289c122
- SHA512
  
  eb72003d8ee4fbc469a8a735af81317721dfe96a4dc67f2b5c6f1b4c1c24870d2581aaee3c2641495969ad699a66b8235dcb1a356099e5c39ef5a8c7c158b86d
- SSDEEP
  
  1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS88k:MOemdTd1o74qlmbbJ+x+Ik6k
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2