urelas | def331ad10d30978f1d88a196dcdd5cefa3ce0e2edf0fa8b36255f294859782f | Triage

Sharing

General

Target

def331ad10d30978f1d88a196dcdd5cefa3ce0e2edf0fa8b36255f294859782f
Size

56KB
Sample

240804-ephx7azgjd
MD5

37a2bc0718fd1e64051d5b3eb454bc79
SHA1

59fd61662918dea5955ad77d8a43d5df5709399e
SHA256

def331ad10d30978f1d88a196dcdd5cefa3ce0e2edf0fa8b36255f294859782f
SHA512

c4c6eed7bed29c05760a68901684cc510b2302ea6f389dfbc95dbcd252f1e5af51ac95d4702ae4538797a6d7ed2a780f87bd623bef51fffa06ce7731caae3e29
SSDEEP

1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS8HI:MOemdTd1o74qlmbbJ+x+IkJI

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  def331ad10d30978f1d88a196dcdd5cefa3ce0e2edf0fa8b36255f294859782f
- Size
  
  56KB
- MD5
  
  37a2bc0718fd1e64051d5b3eb454bc79
- SHA1
  
  59fd61662918dea5955ad77d8a43d5df5709399e
- SHA256
  
  def331ad10d30978f1d88a196dcdd5cefa3ce0e2edf0fa8b36255f294859782f
- SHA512
  
  c4c6eed7bed29c05760a68901684cc510b2302ea6f389dfbc95dbcd252f1e5af51ac95d4702ae4538797a6d7ed2a780f87bd623bef51fffa06ce7731caae3e29
- SSDEEP
  
  1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS8HI:MOemdTd1o74qlmbbJ+x+IkJI
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan