urelas | a3f416e56091e44f9ae67b9fe9e906bf814c4a7b08bc2d2393df77ab89eafadf | Triage

Sharing

General

Target

a3f416e56091e44f9ae67b9fe9e906bf814c4a7b08bc2d2393df77ab89eafadfN
Size

60KB
Sample

241022-gajmaazerd
MD5

3a9d1312d8b678aab7ca27dbbb851620
SHA1

d2df98549bcf20190b4a06da0c4f5c629a1c1f20
SHA256

a3f416e56091e44f9ae67b9fe9e906bf814c4a7b08bc2d2393df77ab89eafadf
SHA512

f0d3e1a58993e99359ec6f69a4734ea25977401cad7456d1b4c658188508269fe6b5c86974a0131fd77c35d9d24053a0b749dabc6982fc7ad9cf4d5ca81bc3e0
SSDEEP

768:jb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5uYjm:jbQx5oPsr2vFxDPhAvzgdWLIZ7vGH

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  a3f416e56091e44f9ae67b9fe9e906bf814c4a7b08bc2d2393df77ab89eafadfN
- Size
  
  60KB
- MD5
  
  3a9d1312d8b678aab7ca27dbbb851620
- SHA1
  
  d2df98549bcf20190b4a06da0c4f5c629a1c1f20
- SHA256
  
  a3f416e56091e44f9ae67b9fe9e906bf814c4a7b08bc2d2393df77ab89eafadf
- SHA512
  
  f0d3e1a58993e99359ec6f69a4734ea25977401cad7456d1b4c658188508269fe6b5c86974a0131fd77c35d9d24053a0b749dabc6982fc7ad9cf4d5ca81bc3e0
- SSDEEP
  
  768:jb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5uYjm:jbQx5oPsr2vFxDPhAvzgdWLIZ7vGH
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan