urelas | 41a59ae071264aa21234503aa0d242738bd3e43240de80ef9dca815a3cee1dd0 | Triage

Sharing

General

Target

888259a11434a8a9946875f80ab54aa0N.exe
Size

61KB
Sample

240806-k1wajsvfnp
MD5

888259a11434a8a9946875f80ab54aa0
SHA1

dd761b644dc9f0d8a275103fcc16a737ad6ae561
SHA256

41a59ae071264aa21234503aa0d242738bd3e43240de80ef9dca815a3cee1dd0
SHA512

d81333d155e3c75879301fea766c0fe8a7e3347251814c955093b8dae3e1ed22ac913839a22d02588e91ce11a6bfcee2bcb59f71b86130afff6e68df2aa0f8ba
SSDEEP

1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROVV:Jo0cAthu6+FQ0JuPkV

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  888259a11434a8a9946875f80ab54aa0N.exe
- Size
  
  61KB
- MD5
  
  888259a11434a8a9946875f80ab54aa0
- SHA1
  
  dd761b644dc9f0d8a275103fcc16a737ad6ae561
- SHA256
  
  41a59ae071264aa21234503aa0d242738bd3e43240de80ef9dca815a3cee1dd0
- SHA512
  
  d81333d155e3c75879301fea766c0fe8a7e3347251814c955093b8dae3e1ed22ac913839a22d02588e91ce11a6bfcee2bcb59f71b86130afff6e68df2aa0f8ba
- SSDEEP
  
  1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROVV:Jo0cAthu6+FQ0JuPkV
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan