urelas | 5d18f23c54458bd6042b2e9e70cf459e0407172e2892e8170b08a7edae989319 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d18f23c54458bd6042b2e9e70cf459e0407172e2892e8170b08a7edae989319N
Size

330KB
Sample

241022-rxqzzs1hrl
MD5

1934b9fd3d4233a49c5a06c55d7090a0
SHA1

ce80f3ef5804d5984bb7e0d49eefca29a4e16cfe
SHA256

5d18f23c54458bd6042b2e9e70cf459e0407172e2892e8170b08a7edae989319
SHA512

349e8661ddce7cbfb9aa7eb0f8b9014543d1c4a2ffdda8b9fecf3927b47894791765d29373656ce9658b6eadf6532107ba5be8cd583573dfca0b64852cdb8b5d
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVO:vHW138/iXWlK885rKlGSekcj66ciEO

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  5d18f23c54458bd6042b2e9e70cf459e0407172e2892e8170b08a7edae989319N
- Size
  
  330KB
- MD5
  
  1934b9fd3d4233a49c5a06c55d7090a0
- SHA1
  
  ce80f3ef5804d5984bb7e0d49eefca29a4e16cfe
- SHA256
  
  5d18f23c54458bd6042b2e9e70cf459e0407172e2892e8170b08a7edae989319
- SHA512
  
  349e8661ddce7cbfb9aa7eb0f8b9014543d1c4a2ffdda8b9fecf3927b47894791765d29373656ce9658b6eadf6532107ba5be8cd583573dfca0b64852cdb8b5d
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVO:vHW138/iXWlK885rKlGSekcj66ciEO
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan