urelas | aa1c7b1cce8af4e05ad771abe5aa7856c2c0b29f9db45d0814f6c228cc0d4df3 | Triage

Sharing

General

Target

aa1c7b1cce8af4e05ad771abe5aa7856c2c0b29f9db45d0814f6c228cc0d4df3
Size

785KB
Sample

240901-bmjj6awerq
MD5

711330e20b816ca760a1aa4d4f4760eb
SHA1

d9da779a619f1ffa0d2dba6b7ef752fb61ce4c25
SHA256

aa1c7b1cce8af4e05ad771abe5aa7856c2c0b29f9db45d0814f6c228cc0d4df3
SHA512

5438ae7b6208eaf1b9f7ecb36793a01b75a573f4d35a53b7e2651c4bdf7b2e76a6ef55625bf2775dc5dbc2004b3c19e8be00f02b76ed499af4eb38983a71b51d
SSDEEP

12288:57dL4AkwWNk82HAEGfKKBhVGT5OY8pgA65t8mv5pThkJ8HxW0d8GYEggH:57dLBftJLW5YUWLrkJB0PJggH

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  aa1c7b1cce8af4e05ad771abe5aa7856c2c0b29f9db45d0814f6c228cc0d4df3
- Size
  
  785KB
- MD5
  
  711330e20b816ca760a1aa4d4f4760eb
- SHA1
  
  d9da779a619f1ffa0d2dba6b7ef752fb61ce4c25
- SHA256
  
  aa1c7b1cce8af4e05ad771abe5aa7856c2c0b29f9db45d0814f6c228cc0d4df3
- SHA512
  
  5438ae7b6208eaf1b9f7ecb36793a01b75a573f4d35a53b7e2651c4bdf7b2e76a6ef55625bf2775dc5dbc2004b3c19e8be00f02b76ed499af4eb38983a71b51d
- SSDEEP
  
  12288:57dL4AkwWNk82HAEGfKKBhVGT5OY8pgA65t8mv5pThkJ8HxW0d8GYEggH:57dLBftJLW5YUWLrkJB0PJggH
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan