urelas | 97fd7fd1a5f91dd2e568acf6c600f673af1441cb1f2c200997427d6439d03192 | Triage

Sharing

General

Target

97fd7fd1a5f91dd2e568acf6c600f673af1441cb1f2c200997427d6439d03192N
Size

324KB
Sample

241021-a249qs1flq
MD5

60c59dea12551bf5b3f21ad87876b320
SHA1

e51d064f3e953c103c9755f6ebf54a52aa381610
SHA256

97fd7fd1a5f91dd2e568acf6c600f673af1441cb1f2c200997427d6439d03192
SHA512

2fb4cf8d60a98b0d4ca369c9f3fdf9b424729103116a2cb5ef4eaf2d1416d3a4a0268e48c533c7580da77e400acc0191617081119ddb2adad391ce981f9c9e63
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XY8:vHW138/iXWlK885rKlGSekcj66cix

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  97fd7fd1a5f91dd2e568acf6c600f673af1441cb1f2c200997427d6439d03192N
- Size
  
  324KB
- MD5
  
  60c59dea12551bf5b3f21ad87876b320
- SHA1
  
  e51d064f3e953c103c9755f6ebf54a52aa381610
- SHA256
  
  97fd7fd1a5f91dd2e568acf6c600f673af1441cb1f2c200997427d6439d03192
- SHA512
  
  2fb4cf8d60a98b0d4ca369c9f3fdf9b424729103116a2cb5ef4eaf2d1416d3a4a0268e48c533c7580da77e400acc0191617081119ddb2adad391ce981f9c9e63
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XY8:vHW138/iXWlK885rKlGSekcj66cix
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan