urelas | c1d64b05f775a3311b57c5b5e74405cdf8010f3c7fdabc193553369e7fd15139 | Triage

Sharing

General

Target

c1d64b05f775a3311b57c5b5e74405cdf8010f3c7fdabc193553369e7fd15139
Size

332KB
Sample

240802-e9m3ms1dja
MD5

aece7a093e6b27c5f1474cd8422c9e66
SHA1

eeb0ba66278e98a2241a3cd19d317007575c6578
SHA256

c1d64b05f775a3311b57c5b5e74405cdf8010f3c7fdabc193553369e7fd15139
SHA512

3e94f42fb41f5cb3384f8e23b75d1539c9cd2bd5aa2aff2d9a5c1cd5496b8cd2493f22c76da08b516aed689b62d025028d29c4f98c2487f80017e3c4b9b612aa
SSDEEP

6144:yty5fbpxDuMcHYwt1gxloqtaE5iWbUMqfn8EijRUNafrHBw/iq:ytCLD7+51gxeq3gOU9EEQrhMJ

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  c1d64b05f775a3311b57c5b5e74405cdf8010f3c7fdabc193553369e7fd15139
- Size
  
  332KB
- MD5
  
  aece7a093e6b27c5f1474cd8422c9e66
- SHA1
  
  eeb0ba66278e98a2241a3cd19d317007575c6578
- SHA256
  
  c1d64b05f775a3311b57c5b5e74405cdf8010f3c7fdabc193553369e7fd15139
- SHA512
  
  3e94f42fb41f5cb3384f8e23b75d1539c9cd2bd5aa2aff2d9a5c1cd5496b8cd2493f22c76da08b516aed689b62d025028d29c4f98c2487f80017e3c4b9b612aa
- SSDEEP
  
  6144:yty5fbpxDuMcHYwt1gxloqtaE5iWbUMqfn8EijRUNafrHBw/iq:ytCLD7+51gxeq3gOU9EEQrhMJ
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan