urelas | 9f0be966126270cfe6bb727666dc8c44fc56bda112504519c072fb5b332f4b40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9f0be966126270cfe6bb727666dc8c44fc56bda112504519c072fb5b332f4b40
Size

68KB
Sample

241023-cd33waxenm
MD5

e1062b83895053e0aa9fa0df0aaf0b51
SHA1

8be326f782cf30ffc04364fd7bc0d1ee9a67181a
SHA256

9f0be966126270cfe6bb727666dc8c44fc56bda112504519c072fb5b332f4b40
SHA512

e9e30c2f9cee8d1a9c8234363e1a6a3feb227002ef29af9177c88490edfcdcd38dc5732a1dbb0af374d71a38bde4dcb2d75a9e33b12c8872b4c2045c926551a0
SSDEEP

1536:04/WgLAjdZsp+uChoLnDeoqYAJjvLFymnHsPeO+I:l//AjMp+u2onejH2Pee

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  9f0be966126270cfe6bb727666dc8c44fc56bda112504519c072fb5b332f4b40
- Size
  
  68KB
- MD5
  
  e1062b83895053e0aa9fa0df0aaf0b51
- SHA1
  
  8be326f782cf30ffc04364fd7bc0d1ee9a67181a
- SHA256
  
  9f0be966126270cfe6bb727666dc8c44fc56bda112504519c072fb5b332f4b40
- SHA512
  
  e9e30c2f9cee8d1a9c8234363e1a6a3feb227002ef29af9177c88490edfcdcd38dc5732a1dbb0af374d71a38bde4dcb2d75a9e33b12c8872b4c2045c926551a0
- SSDEEP
  
  1536:04/WgLAjdZsp+uChoLnDeoqYAJjvLFymnHsPeO+I:l//AjMp+u2onejH2Pee
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan