urelas | 7aa19f93599b76197e927df94e15d49d2ad81354544e787bd1780e017aab294d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7aa19f93599b76197e927df94e15d49d2ad81354544e787bd1780e017aab294dN
Size

332KB
Sample

241004-ssgfes1gjl
MD5

9ebbe290a19b316f1d2e4c3f03599c20
SHA1

763c3d634611dd47711e9e5e6a20e150029a70fb
SHA256

7aa19f93599b76197e927df94e15d49d2ad81354544e787bd1780e017aab294d
SHA512

c2267a3ac9a93dec9dd04f9359b377ad98da067325985bebfc70c2268309dce34e06e25b6e826a44eff06d7880e5fa1d0e4533d7c84d5492beb9ef580ae6c73a
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYx:vHW138/iXWlK885rKlGSekcj66cig

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  7aa19f93599b76197e927df94e15d49d2ad81354544e787bd1780e017aab294dN
- Size
  
  332KB
- MD5
  
  9ebbe290a19b316f1d2e4c3f03599c20
- SHA1
  
  763c3d634611dd47711e9e5e6a20e150029a70fb
- SHA256
  
  7aa19f93599b76197e927df94e15d49d2ad81354544e787bd1780e017aab294d
- SHA512
  
  c2267a3ac9a93dec9dd04f9359b377ad98da067325985bebfc70c2268309dce34e06e25b6e826a44eff06d7880e5fa1d0e4533d7c84d5492beb9ef580ae6c73a
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYx:vHW138/iXWlK885rKlGSekcj66cig
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan