urelas | 6247b088f52e7fa19214ff7d6bfe9c5db02bcac4e32b96ead05b7f7df6e19f8b | Triage

Sharing

General

Target

6247b088f52e7fa19214ff7d6bfe9c5db02bcac4e32b96ead05b7f7df6e19f8bN
Size

64KB
Sample

241019-whsbqayhnb
MD5

f60c4831ff8c4ddd3ef0d940ca957db0
SHA1

e27c85679659275ea5e118ba1d9623afaf1ebe61
SHA256

6247b088f52e7fa19214ff7d6bfe9c5db02bcac4e32b96ead05b7f7df6e19f8b
SHA512

fede514ecb7bf13caf3bb36b4d9e037977c8633517f3c0802cdef2b124ab23427923c92f6baa3d82c9fc377cd1563ec63c51a64e8192102c24bf9edff2fb18ce
SSDEEP

1536:nK0GjMeQG3iaQREuVZ6ro29p4YxbKdQouZHw:K0GAqjuVZ6rNOFu5w

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  6247b088f52e7fa19214ff7d6bfe9c5db02bcac4e32b96ead05b7f7df6e19f8bN
- Size
  
  64KB
- MD5
  
  f60c4831ff8c4ddd3ef0d940ca957db0
- SHA1
  
  e27c85679659275ea5e118ba1d9623afaf1ebe61
- SHA256
  
  6247b088f52e7fa19214ff7d6bfe9c5db02bcac4e32b96ead05b7f7df6e19f8b
- SHA512
  
  fede514ecb7bf13caf3bb36b4d9e037977c8633517f3c0802cdef2b124ab23427923c92f6baa3d82c9fc377cd1563ec63c51a64e8192102c24bf9edff2fb18ce
- SSDEEP
  
  1536:nK0GjMeQG3iaQREuVZ6ro29p4YxbKdQouZHw:K0GAqjuVZ6rNOFu5w
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan