urelas | 4c8b83c5f240edc8cc09e42b226c7436486736e4c611dc3f546e734585fbf3c7 | Triage

Sharing

General

Target

4c8b83c5f240edc8cc09e42b226c7436486736e4c611dc3f546e734585fbf3c7
Size

57KB
Sample

241029-2lfpzsznew
MD5

a5c13234f79cb73a87fa089ce87bad5c
SHA1

3c97530bbf57d3e288a7d167e278814671ce7d46
SHA256

4c8b83c5f240edc8cc09e42b226c7436486736e4c611dc3f546e734585fbf3c7
SHA512

018a49fc6af84b7cdc030810d986f2af50c493aaad01c98b021d8e2485f8b1d1706c903234746aab497a6639d507d00c9fcd9483b3836296583acd8b0d0c59cb
SSDEEP

768:6b4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5ZFYycKZpFZx5Er:6bQx5oPsr2vFxDPhAvzgAQzFZ77k

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  4c8b83c5f240edc8cc09e42b226c7436486736e4c611dc3f546e734585fbf3c7
- Size
  
  57KB
- MD5
  
  a5c13234f79cb73a87fa089ce87bad5c
- SHA1
  
  3c97530bbf57d3e288a7d167e278814671ce7d46
- SHA256
  
  4c8b83c5f240edc8cc09e42b226c7436486736e4c611dc3f546e734585fbf3c7
- SHA512
  
  018a49fc6af84b7cdc030810d986f2af50c493aaad01c98b021d8e2485f8b1d1706c903234746aab497a6639d507d00c9fcd9483b3836296583acd8b0d0c59cb
- SSDEEP
  
  768:6b4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5ZFYycKZpFZx5Er:6bQx5oPsr2vFxDPhAvzgAQzFZ77k
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan