urelas | 9d95423e39f83c4ec2a0a0ff65caa3aa31e43fb1c310ec19030dc3c5797300cd | Triage

Sharing

General

Target

7Y18r(153).exe
Size

214KB
Sample

240724-v92tssyhln
MD5

4563c37b9f722ce72a16aa7b9e33a260
SHA1

b7cbf85e2a5d5138620c3624a2db1d6c59dd453c
SHA256

9d95423e39f83c4ec2a0a0ff65caa3aa31e43fb1c310ec19030dc3c5797300cd
SHA512

d7e14e557cfa1684817212413fece2ea3604ae4f12439d61e077056dc34dcef104ba306a15cb0fda0f30e748ef5cf0404a46790f617624fb746bc16f0aa5368d
SSDEEP

1536:1q1utPdWHdPEzoT2/VhWbnoZSKLfiGGPgq3ePAH8PNqWxCxrR/x9sU4BHk:1fPdWqV0CvL6GGCPNqWUxrR/x9sTBHk

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

- Target
  
  7Y18r(153).exe
- Size
  
  214KB
- MD5
  
  4563c37b9f722ce72a16aa7b9e33a260
- SHA1
  
  b7cbf85e2a5d5138620c3624a2db1d6c59dd453c
- SHA256
  
  9d95423e39f83c4ec2a0a0ff65caa3aa31e43fb1c310ec19030dc3c5797300cd
- SHA512
  
  d7e14e557cfa1684817212413fece2ea3604ae4f12439d61e077056dc34dcef104ba306a15cb0fda0f30e748ef5cf0404a46790f617624fb746bc16f0aa5368d
- SSDEEP
  
  1536:1q1utPdWHdPEzoT2/VhWbnoZSKLfiGGPgq3ePAH8PNqWxCxrR/x9sU4BHk:1fPdWqV0CvL6GGCPNqWUxrR/x9sTBHk
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan