urelas | caa35807916b5fbe3e9a93757753a4512712377ad0a25d1109d6937df96b4a6b | Triage

Sharing

General

Target

48a121356fc7b3917d788e1d02440d50N.exe
Size

63KB
Sample

240805-esx7aazhpf
MD5

48a121356fc7b3917d788e1d02440d50
SHA1

58cf6ae3d36e8abee57766b2b3a806ba583a7ec7
SHA256

caa35807916b5fbe3e9a93757753a4512712377ad0a25d1109d6937df96b4a6b
SHA512

f49c6b641441d57084aec1f98591446b17fdea2df2e1514578a76c83690b8ce97197ce9b3f99d6ec8894e74428c46611653b0a253aecb76d86d8315b4379d9b4
SSDEEP

1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTmZ:6bQRSHpAvzyf7MzeTW

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  48a121356fc7b3917d788e1d02440d50N.exe
- Size
  
  63KB
- MD5
  
  48a121356fc7b3917d788e1d02440d50
- SHA1
  
  58cf6ae3d36e8abee57766b2b3a806ba583a7ec7
- SHA256
  
  caa35807916b5fbe3e9a93757753a4512712377ad0a25d1109d6937df96b4a6b
- SHA512
  
  f49c6b641441d57084aec1f98591446b17fdea2df2e1514578a76c83690b8ce97197ce9b3f99d6ec8894e74428c46611653b0a253aecb76d86d8315b4379d9b4
- SSDEEP
  
  1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTmZ:6bQRSHpAvzyf7MzeTW
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan