urelas | fd2b764bb57ea391ba5faf686914d5fc11ef5227ba71f101839df05bcc590cb3 | Triage

Sharing

General

Target

fd2b764bb57ea391ba5faf686914d5fc11ef5227ba71f101839df05bcc590cb3
Size

274KB
Sample

240805-gcfcmsybkk
MD5

f9d00f7699813cc5bb0a8ac8c5d16587
SHA1

e1fe07952c2801edc558d796db210a7d73618219
SHA256

fd2b764bb57ea391ba5faf686914d5fc11ef5227ba71f101839df05bcc590cb3
SHA512

bc812f6be813f7f472fe3145c5476720e169f60901c41c0cc758c0447df0c10e8da5e56dbee884c84edf9fd8463364c2bb614d7ec84cc0072426a8c63b081e82
SSDEEP

3072:pp56zRJ83+OJ7NoGvdwWy6k04yW/KME0jj0wA6m:pOzRWu27dlOd5W0Ih

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  fd2b764bb57ea391ba5faf686914d5fc11ef5227ba71f101839df05bcc590cb3
- Size
  
  274KB
- MD5
  
  f9d00f7699813cc5bb0a8ac8c5d16587
- SHA1
  
  e1fe07952c2801edc558d796db210a7d73618219
- SHA256
  
  fd2b764bb57ea391ba5faf686914d5fc11ef5227ba71f101839df05bcc590cb3
- SHA512
  
  bc812f6be813f7f472fe3145c5476720e169f60901c41c0cc758c0447df0c10e8da5e56dbee884c84edf9fd8463364c2bb614d7ec84cc0072426a8c63b081e82
- SSDEEP
  
  3072:pp56zRJ83+OJ7NoGvdwWy6k04yW/KME0jj0wA6m:pOzRWu27dlOd5W0Ih
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan