urelas | d5ebdd2cbd84967b0b9f1aec013cdd4e08b514cdf18d8d362e93fc998b3feedb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d5ebdd2cbd84967b0b9f1aec013cdd4e08b514cdf18d8d362e93fc998b3feedb
Size

326KB
Sample

241022-d2wt5svapd
MD5

fa9e0af05382b06bf0e4f2229fa6d583
SHA1

b87c298e325e5d1805ac695f51d25b3a93ab8a04
SHA256

d5ebdd2cbd84967b0b9f1aec013cdd4e08b514cdf18d8d362e93fc998b3feedb
SHA512

b502c6e0cc7180eb91f76c6ba78caa71f8de47a935be10523f7db1d59fa61415841c1884f4bdd72afe102964cdd5e6767ddd19bddc8001e21a5272cc2348bcb5
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYW:vHW138/iXWlK885rKlGSekcj66ciH

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  d5ebdd2cbd84967b0b9f1aec013cdd4e08b514cdf18d8d362e93fc998b3feedb
- Size
  
  326KB
- MD5
  
  fa9e0af05382b06bf0e4f2229fa6d583
- SHA1
  
  b87c298e325e5d1805ac695f51d25b3a93ab8a04
- SHA256
  
  d5ebdd2cbd84967b0b9f1aec013cdd4e08b514cdf18d8d362e93fc998b3feedb
- SHA512
  
  b502c6e0cc7180eb91f76c6ba78caa71f8de47a935be10523f7db1d59fa61415841c1884f4bdd72afe102964cdd5e6767ddd19bddc8001e21a5272cc2348bcb5
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYW:vHW138/iXWlK885rKlGSekcj66ciH
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan