urelas | 9fb2d1aa8a690de100629d4029dcb40bb9c1a8a19bf783ff4d29c8e211546167 | Triage

Sharing

General

Target

33a0d35356cb29cc100814c509666060N.exe
Size

61KB
Sample

240829-e5k3gswaqr
MD5

33a0d35356cb29cc100814c509666060
SHA1

004f841827eb1977ee1c9a8027b497ef4645f978
SHA256

9fb2d1aa8a690de100629d4029dcb40bb9c1a8a19bf783ff4d29c8e211546167
SHA512

74701d39f4e0c004ffd1785ca9b912dac1490b2e366122b60c7726c1c2ac4a4a9f47879889794cae9e5451c2d3581d2f20d19d6535299db41ee25f024bbe20e8
SSDEEP

1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROVz:Jo0cAthu6+FQ0JuPkz

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  33a0d35356cb29cc100814c509666060N.exe
- Size
  
  61KB
- MD5
  
  33a0d35356cb29cc100814c509666060
- SHA1
  
  004f841827eb1977ee1c9a8027b497ef4645f978
- SHA256
  
  9fb2d1aa8a690de100629d4029dcb40bb9c1a8a19bf783ff4d29c8e211546167
- SHA512
  
  74701d39f4e0c004ffd1785ca9b912dac1490b2e366122b60c7726c1c2ac4a4a9f47879889794cae9e5451c2d3581d2f20d19d6535299db41ee25f024bbe20e8
- SSDEEP
  
  1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROVz:Jo0cAthu6+FQ0JuPkz
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan