urelas | d33939167cb7913cff8dc6fec4c3f430843cde388e960341abfa16f18ce5be3a | Triage

Sharing

General

Target

d33939167cb7913cff8dc6fec4c3f430843cde388e960341abfa16f18ce5be3aN
Size

77KB
Sample

241019-gxhnha1emf
MD5

bca760b18a6a289ac9c7472b239f48c0
SHA1

b0ad35fb2654e68f68fda67340564dcfe5fdae4d
SHA256

d33939167cb7913cff8dc6fec4c3f430843cde388e960341abfa16f18ce5be3a
SHA512

63b7b58d5d3eecfad4313ed53ed1c1122b9b21ed9ae06efab6558dba59145228bc0582e7cadc1f74c67d0636e670736519479bebe54cc0507f0247737457a3f6
SSDEEP

768:xZU9HZe4JZxPKAgmmE2jmXwTcxlhshya4qCIDWObp2EfoiSCMy6MuHg/wrYaFRdo:xce4ZKAvTwTcshJDzo9LHyUYmdGT/TC+

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  d33939167cb7913cff8dc6fec4c3f430843cde388e960341abfa16f18ce5be3aN
- Size
  
  77KB
- MD5
  
  bca760b18a6a289ac9c7472b239f48c0
- SHA1
  
  b0ad35fb2654e68f68fda67340564dcfe5fdae4d
- SHA256
  
  d33939167cb7913cff8dc6fec4c3f430843cde388e960341abfa16f18ce5be3a
- SHA512
  
  63b7b58d5d3eecfad4313ed53ed1c1122b9b21ed9ae06efab6558dba59145228bc0582e7cadc1f74c67d0636e670736519479bebe54cc0507f0247737457a3f6
- SSDEEP
  
  768:xZU9HZe4JZxPKAgmmE2jmXwTcxlhshya4qCIDWObp2EfoiSCMy6MuHg/wrYaFRdo:xce4ZKAvTwTcshJDzo9LHyUYmdGT/TC+
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan