urelas | 271391b7e5603b5f1b7e2b584f66b26fc3584448fb0c41e56d13ad901154ffe8 | Triage

Sharing

General

Target

95f95e09eeec2fe2186635cf6c9a5040N.exe
Size

323KB
Sample

240723-k3jdrsxhje
MD5

95f95e09eeec2fe2186635cf6c9a5040
SHA1

f434c6118241d112a127854aa4df276d3f6e7191
SHA256

271391b7e5603b5f1b7e2b584f66b26fc3584448fb0c41e56d13ad901154ffe8
SHA512

dc985bae145c9c9abe6bc11583ead32b78dd03801c2715c69ff716297c37331410e09a520d5323b375d7a3136d48feea8b546412c705d157a135b806b4e6cb5e
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYC:vHW138/iXWlK885rKlGSekcj66ciD

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  95f95e09eeec2fe2186635cf6c9a5040N.exe
- Size
  
  323KB
- MD5
  
  95f95e09eeec2fe2186635cf6c9a5040
- SHA1
  
  f434c6118241d112a127854aa4df276d3f6e7191
- SHA256
  
  271391b7e5603b5f1b7e2b584f66b26fc3584448fb0c41e56d13ad901154ffe8
- SHA512
  
  dc985bae145c9c9abe6bc11583ead32b78dd03801c2715c69ff716297c37331410e09a520d5323b375d7a3136d48feea8b546412c705d157a135b806b4e6cb5e
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYC:vHW138/iXWlK885rKlGSekcj66ciD
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2