urelas | 5a9b91f05d7f5ee660fc98c8da504699b9aa23ed3e16ae2eb0219fbddf1f7d08 | Triage

Sharing

General

Target

c77903b2dab32bac459ef385419fcf30N.exe
Size

328KB
Sample

240829-pytfdssbqa
MD5

c77903b2dab32bac459ef385419fcf30
SHA1

eba376e894920db2dfb8ed394798e80d96c24e55
SHA256

5a9b91f05d7f5ee660fc98c8da504699b9aa23ed3e16ae2eb0219fbddf1f7d08
SHA512

6cd6fd3ecb02c85c8b5cceea28c89b6c3ede4292cfb7342878df0f4ddcfcf64a45741208a61ee5f7c7cf37e1ad6f0e319189891578f66a5114d56c864b489008
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYh:vHW138/iXWlK885rKlGSekcj66ciI

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  c77903b2dab32bac459ef385419fcf30N.exe
- Size
  
  328KB
- MD5
  
  c77903b2dab32bac459ef385419fcf30
- SHA1
  
  eba376e894920db2dfb8ed394798e80d96c24e55
- SHA256
  
  5a9b91f05d7f5ee660fc98c8da504699b9aa23ed3e16ae2eb0219fbddf1f7d08
- SHA512
  
  6cd6fd3ecb02c85c8b5cceea28c89b6c3ede4292cfb7342878df0f4ddcfcf64a45741208a61ee5f7c7cf37e1ad6f0e319189891578f66a5114d56c864b489008
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYh:vHW138/iXWlK885rKlGSekcj66ciI
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan