urelas | 699128c70cc5be077b4dfa9b30776b3f7735fa678da85284c671c5654c94609c | Triage

Sharing

General

Target

7Y18r(156).exe
Size

338KB
Sample

240724-v925kayhlq
MD5

4b618ee7eb34d9776481ce7809bf23c0
SHA1

50be72c1861ba577f12872fe5f068a674afe91c3
SHA256

699128c70cc5be077b4dfa9b30776b3f7735fa678da85284c671c5654c94609c
SHA512

58ef134e82912754e09775b9ebdb99828cf81fc8a432e3f20e015e0ed4ad98fcf6fbca9127fe0a6b64099868e4ca1785a6d8c47d7ac853081e4392b800911110
SSDEEP

6144:i5tYTzqklVw910CIWrC9foCChVN6XCLWk6aMWgziMV1AXj16NYuLDuUcOibi5EB9:iUPTCBC9A/VIXCCkMWguMcj0vbd5E0/O

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  7Y18r(156).exe
- Size
  
  338KB
- MD5
  
  4b618ee7eb34d9776481ce7809bf23c0
- SHA1
  
  50be72c1861ba577f12872fe5f068a674afe91c3
- SHA256
  
  699128c70cc5be077b4dfa9b30776b3f7735fa678da85284c671c5654c94609c
- SHA512
  
  58ef134e82912754e09775b9ebdb99828cf81fc8a432e3f20e015e0ed4ad98fcf6fbca9127fe0a6b64099868e4ca1785a6d8c47d7ac853081e4392b800911110
- SSDEEP
  
  6144:i5tYTzqklVw910CIWrC9foCChVN6XCLWk6aMWgziMV1AXj16NYuLDuUcOibi5EB9:iUPTCBC9A/VIXCCkMWguMcj0vbd5E0/O
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan