urelas | ff72025592c65024ad87548af7431d3003fe8aa28e8d236627c8ddb5b422a5d6 | Triage

Sharing

General

Target

ff72025592c65024ad87548af7431d3003fe8aa28e8d236627c8ddb5b422a5d6
Size

331KB
Sample

241019-f4jnpssakj
MD5

f0dd240cd2f939bac9a5cdeeaef5bd0f
SHA1

2e5da045a18a8fc6e5c511161b81e677f29b81c0
SHA256

ff72025592c65024ad87548af7431d3003fe8aa28e8d236627c8ddb5b422a5d6
SHA512

967b5ef74ea32b59dedbb1dc522157b80933585304f2c1f99e0605800599ec500d6325d6d1643566d7488d925756d2ffc79e4c851da3fd2df33b7f00e08ed09c
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYB:vHW138/iXWlK885rKlGSekcj66ciY

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  ff72025592c65024ad87548af7431d3003fe8aa28e8d236627c8ddb5b422a5d6
- Size
  
  331KB
- MD5
  
  f0dd240cd2f939bac9a5cdeeaef5bd0f
- SHA1
  
  2e5da045a18a8fc6e5c511161b81e677f29b81c0
- SHA256
  
  ff72025592c65024ad87548af7431d3003fe8aa28e8d236627c8ddb5b422a5d6
- SHA512
  
  967b5ef74ea32b59dedbb1dc522157b80933585304f2c1f99e0605800599ec500d6325d6d1643566d7488d925756d2ffc79e4c851da3fd2df33b7f00e08ed09c
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYB:vHW138/iXWlK885rKlGSekcj66ciY
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan