urelas | 4645de429b6f373cb478d77b475b04ef0f5c005262e772bed974f470b65979dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4645de429b6f373cb478d77b475b04ef0f5c005262e772bed974f470b65979dcN
Size

507KB
Sample

241023-vv6t7s1frb
MD5

afabaa8dda0ceafe8d9720b24b70d2e0
SHA1

2f6bb162073bccc539ba8d65715d0fcb1f269600
SHA256

4645de429b6f373cb478d77b475b04ef0f5c005262e772bed974f470b65979dc
SHA512

5f6adcac905f842235be8435a6d359c763d8c1d5274825dc86d3d213bb39af1a89f72772f0051f16b31da9c1a07c11d4d18f741254652e7aa063f76689c7102c
SSDEEP

12288:3o7CGWcQSyYI2VrFKH5RBv9AQ1pEDdKoM:3MUv2LAv9AQ1p4dKt

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  4645de429b6f373cb478d77b475b04ef0f5c005262e772bed974f470b65979dcN
- Size
  
  507KB
- MD5
  
  afabaa8dda0ceafe8d9720b24b70d2e0
- SHA1
  
  2f6bb162073bccc539ba8d65715d0fcb1f269600
- SHA256
  
  4645de429b6f373cb478d77b475b04ef0f5c005262e772bed974f470b65979dc
- SHA512
  
  5f6adcac905f842235be8435a6d359c763d8c1d5274825dc86d3d213bb39af1a89f72772f0051f16b31da9c1a07c11d4d18f741254652e7aa063f76689c7102c
- SSDEEP
  
  12288:3o7CGWcQSyYI2VrFKH5RBv9AQ1pEDdKoM:3MUv2LAv9AQ1p4dKt
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan