urelas | 54832d03a638bf9a63d65a0778c16b061a173026f28af0d1905e3312914c84ea | Triage

Sharing

General

Target

54832d03a638bf9a63d65a0778c16b061a173026f28af0d1905e3312914c84eaN
Size

330KB
Sample

241029-l4wk6avajp
MD5

4f6be11ae13e3a9613b104c6dae342e0
SHA1

b7bb12bdbc37e6d802686bbac6cbd436d7839f9b
SHA256

54832d03a638bf9a63d65a0778c16b061a173026f28af0d1905e3312914c84ea
SHA512

1623449d81a95a88ea263b8fc54118820d80ff1729c97c3c16bb32044947ca37d6263dcb5a800e39f7b3205cf18316da7d18efbdc6edf1d9ce3a737d7e524222
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVv:vHW138/iXWlK885rKlGSekcj66ciEv

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  54832d03a638bf9a63d65a0778c16b061a173026f28af0d1905e3312914c84eaN
- Size
  
  330KB
- MD5
  
  4f6be11ae13e3a9613b104c6dae342e0
- SHA1
  
  b7bb12bdbc37e6d802686bbac6cbd436d7839f9b
- SHA256
  
  54832d03a638bf9a63d65a0778c16b061a173026f28af0d1905e3312914c84ea
- SHA512
  
  1623449d81a95a88ea263b8fc54118820d80ff1729c97c3c16bb32044947ca37d6263dcb5a800e39f7b3205cf18316da7d18efbdc6edf1d9ce3a737d7e524222
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVv:vHW138/iXWlK885rKlGSekcj66ciEv
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan