urelas | 12efad2cf07da1cc5c0013bea8fa60b3cbf8b8e0b30a5dd356f5cae8003cf303 | Triage

Sharing

General

Target

c2152cf6e1df9e6b8db5cd728bf1b0a0N.exe
Size

61KB
Sample

240806-shk1vsscnk
MD5

c2152cf6e1df9e6b8db5cd728bf1b0a0
SHA1

372fbcd75b08111ba25b65eb7e5b910bf723f7c8
SHA256

12efad2cf07da1cc5c0013bea8fa60b3cbf8b8e0b30a5dd356f5cae8003cf303
SHA512

a6ff4a0ab9a0b425c803dc5f9b42e5d963d7753b945384c04e7c4377ad82522ab4f4c559efb508785c85c4d7447cfa7fbf48835d6c474f81d1fd668c76f26592
SSDEEP

1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROV5:Jo0cAthu6+FQ0JuPk5

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  c2152cf6e1df9e6b8db5cd728bf1b0a0N.exe
- Size
  
  61KB
- MD5
  
  c2152cf6e1df9e6b8db5cd728bf1b0a0
- SHA1
  
  372fbcd75b08111ba25b65eb7e5b910bf723f7c8
- SHA256
  
  12efad2cf07da1cc5c0013bea8fa60b3cbf8b8e0b30a5dd356f5cae8003cf303
- SHA512
  
  a6ff4a0ab9a0b425c803dc5f9b42e5d963d7753b945384c04e7c4377ad82522ab4f4c559efb508785c85c4d7447cfa7fbf48835d6c474f81d1fd668c76f26592
- SSDEEP
  
  1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROV5:Jo0cAthu6+FQ0JuPk5
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan