urelas | 554d184034b79d48995612b49131724bbadbddef3ebc7109aaa92a053dc5fa53 | Triage

Sharing

General

Target

44c9bd93e92e7fefccea46323b3a3dd0N.exe
Size

51KB
Sample

240726-xsfw4ssakf
MD5

44c9bd93e92e7fefccea46323b3a3dd0
SHA1

f3d13dd52e654060570a65f87d1a85ee976a6cb6
SHA256

554d184034b79d48995612b49131724bbadbddef3ebc7109aaa92a053dc5fa53
SHA512

b95990e28c68c56425851dd9b33123c52f964074abce9ebd1a14fd549ff792d63926601e49293871835693c4d69847c1e4fe48243a6b1043a5507e846cdb57a1
SSDEEP

1536:lVeVFl6sRsDnQi1Mek/pFRMfKaP7cFwQkXuJXqmrZ3:v23sD1vSP6cOYXqmB

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  44c9bd93e92e7fefccea46323b3a3dd0N.exe
- Size
  
  51KB
- MD5
  
  44c9bd93e92e7fefccea46323b3a3dd0
- SHA1
  
  f3d13dd52e654060570a65f87d1a85ee976a6cb6
- SHA256
  
  554d184034b79d48995612b49131724bbadbddef3ebc7109aaa92a053dc5fa53
- SHA512
  
  b95990e28c68c56425851dd9b33123c52f964074abce9ebd1a14fd549ff792d63926601e49293871835693c4d69847c1e4fe48243a6b1043a5507e846cdb57a1
- SSDEEP
  
  1536:lVeVFl6sRsDnQi1Mek/pFRMfKaP7cFwQkXuJXqmrZ3:v23sD1vSP6cOYXqmB
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan