urelas | 4684acdcf9102e46c76c84e97be3d86d1e823b7cdb3fe3a1328adf7c5422bca4 | Triage

Sharing

General

Target

4684acdcf9102e46c76c84e97be3d86d1e823b7cdb3fe3a1328adf7c5422bca4N
Size

176KB
Sample

241025-zlxbmaslhz
MD5

bdf37aa579983470d4f64df1fa2fa7e0
SHA1

4f6d9772d2dca3fa1644a6c5f49b39cc270b816f
SHA256

4684acdcf9102e46c76c84e97be3d86d1e823b7cdb3fe3a1328adf7c5422bca4
SHA512

2697f5f3869138cacd418c0da631d5db1249749f0adac07f85de9420b6b7f97b1a96b97ddba5880508ab5ad8efc85e8314bf1b0485e1f072e73d9280344fd97a
SSDEEP

3072:s9AJRSvTvHN7xkKGsfPNGhoIPpcUqePvwg:s9AvSLvHNdkKGbHPpDq8

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.28.139

121.88.5.183

Targets

- Target
  
  4684acdcf9102e46c76c84e97be3d86d1e823b7cdb3fe3a1328adf7c5422bca4N
- Size
  
  176KB
- MD5
  
  bdf37aa579983470d4f64df1fa2fa7e0
- SHA1
  
  4f6d9772d2dca3fa1644a6c5f49b39cc270b816f
- SHA256
  
  4684acdcf9102e46c76c84e97be3d86d1e823b7cdb3fe3a1328adf7c5422bca4
- SHA512
  
  2697f5f3869138cacd418c0da631d5db1249749f0adac07f85de9420b6b7f97b1a96b97ddba5880508ab5ad8efc85e8314bf1b0485e1f072e73d9280344fd97a
- SSDEEP
  
  3072:s9AJRSvTvHN7xkKGsfPNGhoIPpcUqePvwg:s9AvSLvHNdkKGbHPpDq8
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan