urelas | 512b4841312b0df1fbbfacb0340330de82f46ea4e1e92d7dc89871f138ec5892 | Triage

Sharing

General

Target

512b4841312b0df1fbbfacb0340330de82f46ea4e1e92d7dc89871f138ec5892N
Size

140KB
Sample

241027-vvhsda1bnj
MD5

cd314479dfad507b53e41939db3c2da0
SHA1

d536934b9eec4baacb72dac49cf9bb8ab29127a3
SHA256

512b4841312b0df1fbbfacb0340330de82f46ea4e1e92d7dc89871f138ec5892
SHA512

7728722fd804d690941c0dc129a2c940f8c92035d079985b5eedba06d9a2d2c6c95d7b59c055c0e057d6160a43a801c7f0e6c4c8ce38c6f9ea6ddc8a76f29f30
SSDEEP

1536:P/oEkqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdf6odgR5APfI4:P/5kqCxiXEcO3XfGf2tMUf6odgR5A44

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  512b4841312b0df1fbbfacb0340330de82f46ea4e1e92d7dc89871f138ec5892N
- Size
  
  140KB
- MD5
  
  cd314479dfad507b53e41939db3c2da0
- SHA1
  
  d536934b9eec4baacb72dac49cf9bb8ab29127a3
- SHA256
  
  512b4841312b0df1fbbfacb0340330de82f46ea4e1e92d7dc89871f138ec5892
- SHA512
  
  7728722fd804d690941c0dc129a2c940f8c92035d079985b5eedba06d9a2d2c6c95d7b59c055c0e057d6160a43a801c7f0e6c4c8ce38c6f9ea6ddc8a76f29f30
- SSDEEP
  
  1536:P/oEkqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdf6odgR5APfI4:P/5kqCxiXEcO3XfGf2tMUf6odgR5A44
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan