urelas | c1e416b5ef92bb83151b2033bb85771ab1ff9d6538c774bffd2da862c250dc9e | Triage

Sharing

General

Target

71ca76e53b3cf6b0d0645516599f6866.zip
Size

254KB
Sample

240901-xcskzazamh
MD5

08947c0ca1bc021a9d69df3b76ff54b1
SHA1

aa51e8d7436c62516d808f74fddec441c32b4e4e
SHA256

c1e416b5ef92bb83151b2033bb85771ab1ff9d6538c774bffd2da862c250dc9e
SHA512

d8544209c90c5f09196e398714fb211da899e9f4b3a4752bca861562574d625f315b0bfdba8cf78c91bedc5b65bc76d6a0f6603405b3b5c62fd8d0342705771f
SSDEEP

6144:P4N6MsToVKIv5HFu3bZf0VsDzd835WU2N3VB978fqd8Cl:Pq5hHFu1iGdHtVL78fWv

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  a56f581e5702649e6e049130a90f9beb954acc90fc5d060366cf4de35b493914
- Size
  
  597KB
- MD5
  
  71ca76e53b3cf6b0d0645516599f6866
- SHA1
  
  e3469fb09232a1d59693ac4dda46205567d51410
- SHA256
  
  a56f581e5702649e6e049130a90f9beb954acc90fc5d060366cf4de35b493914
- SHA512
  
  d9e45182d9107cfbd9b1046e755e1719e914ee3c9840657626950a70cbf410f142c41512cec10c31d02bcc2000d9aff1403ff4945f0eece89917b6f5197794cd
- SSDEEP
  
  6144:KzU7blKaPcbhj+bB7ktZeRnVDJm0oNjOPdInpBH:MU7MLb4BQkntwNjqd2
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan