urelas | cfdde0804dccc58de0f14e601521bb964160fb47184c0e007a0c2727164a8411 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

726ec9f9f326359f6a2203567e629c8a.zip
Size

267KB
Sample

240903-x1ap3avblp
MD5

e2d269c3645ddd98842eda491b2e5a54
SHA1

d265dc36545cb6828d00db2089122e3998e92e0f
SHA256

cfdde0804dccc58de0f14e601521bb964160fb47184c0e007a0c2727164a8411
SHA512

9fa2c64b9715f7f2e89091585b3ef2df9c3c667290a35603246f496dd9b416559d278fc690b8459d52d6b366839a019c89aa7bde195a75aa6c1fab8bbde6dbe2
SSDEEP

6144:DvNHOZhs3KIrCdRFY8AH0sGeLiFVvqkkt:DvZOZeKrdRFA1GVVY

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  656b2a66c22215139e2dbadbe3fdda91bb50c0661408f626599519157b3d0097
- Size
  
  448KB
- MD5
  
  726ec9f9f326359f6a2203567e629c8a
- SHA1
  
  88bd124d942a431d096c8fadffa3901cbd7888cb
- SHA256
  
  656b2a66c22215139e2dbadbe3fdda91bb50c0661408f626599519157b3d0097
- SHA512
  
  0c2f5997f0baa395b871aab739d04d21e5ef6257f4008c0332483c3bf2541cf3cec8fb81d9964d64ab26832dacf720455ab653484d1f5b4cfb4ab2e6726c9305
- SSDEEP
  
  6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpomn:PMpASIcWYx2U6hAJQn6
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan