urelas | 606c454ee732e2e5cfee7786df5787f77ef0dce745205de62f760ef62847572d | Triage

Sharing

General

Target

606c454ee732e2e5cfee7786df5787f77ef0dce745205de62f760ef62847572dN
Size

57KB
Sample

241021-bbscxszglg
MD5

3e729ff667755e3013c0208b90f8d470
SHA1

3103c927ff71b3f97d07c97b63fcd48a3a973dbb
SHA256

606c454ee732e2e5cfee7786df5787f77ef0dce745205de62f760ef62847572d
SHA512

de83a9554730f3f523bec965a0c680102fd3e22cf61e439f94a2ef710f7a08ea748c10befed9f89a175cfc22ff49c2e4599628c9626c076a03fb63b4e533afa2
SSDEEP

1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS8y:MOemdTd1o74qlmbbJ+x+IkA

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  606c454ee732e2e5cfee7786df5787f77ef0dce745205de62f760ef62847572dN
- Size
  
  57KB
- MD5
  
  3e729ff667755e3013c0208b90f8d470
- SHA1
  
  3103c927ff71b3f97d07c97b63fcd48a3a973dbb
- SHA256
  
  606c454ee732e2e5cfee7786df5787f77ef0dce745205de62f760ef62847572d
- SHA512
  
  de83a9554730f3f523bec965a0c680102fd3e22cf61e439f94a2ef710f7a08ea748c10befed9f89a175cfc22ff49c2e4599628c9626c076a03fb63b4e533afa2
- SSDEEP
  
  1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS8y:MOemdTd1o74qlmbbJ+x+IkA
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan