urelas | 6d9170acdda28eca471c60ef67e054ad96a5f276817c52da16c2440e2914ebbd | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6d9170acdda28eca471c60ef67e054ad96a5f276817c52da16c2440e2914ebbdN
Size

457KB
Sample

241023-n12n4szhkq
MD5

dec5a6566fa74db709b1b23f066d5ac0
SHA1

39b0e9ebb6d82db7595ceefff979d544bc246f64
SHA256

6d9170acdda28eca471c60ef67e054ad96a5f276817c52da16c2440e2914ebbd
SHA512

a9084185fe024618834e5022cbf2170bac4dad911af0be9dcb017d3c9192659562948dfc03338f542aeb32d626954542ff44857910d50bac87bc448037a4358e
SSDEEP

6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpzG:PMpASIcWYx2U6hAJQn9

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  6d9170acdda28eca471c60ef67e054ad96a5f276817c52da16c2440e2914ebbdN
- Size
  
  457KB
- MD5
  
  dec5a6566fa74db709b1b23f066d5ac0
- SHA1
  
  39b0e9ebb6d82db7595ceefff979d544bc246f64
- SHA256
  
  6d9170acdda28eca471c60ef67e054ad96a5f276817c52da16c2440e2914ebbd
- SHA512
  
  a9084185fe024618834e5022cbf2170bac4dad911af0be9dcb017d3c9192659562948dfc03338f542aeb32d626954542ff44857910d50bac87bc448037a4358e
- SSDEEP
  
  6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpzG:PMpASIcWYx2U6hAJQn9
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan