urelas | 76ce9371b65e9bc7a4ddcdabfbd867097490bf5e4feedc92ab84aecfd3a7ce20 | Triage

Sharing

General

Target

76ce9371b65e9bc7a4ddcdabfbd867097490bf5e4feedc92ab84aecfd3a7ce20N
Size

50KB
Sample

241030-pcaq6avjck
MD5

356e663214be70c127a20d97a13b7b00
SHA1

9420b81b5c595cf2514e642d12654cfaa2825992
SHA256

76ce9371b65e9bc7a4ddcdabfbd867097490bf5e4feedc92ab84aecfd3a7ce20
SHA512

776257008a3c980778c86fb2d2c60475add0c667e820333219ca80a93b62567eb5243a962f661fcc8093f2b14e7080b9e31fbb12318b36bf822f80262ea7714e
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhl:KsdXfBo/DBJBGzkP5l

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  76ce9371b65e9bc7a4ddcdabfbd867097490bf5e4feedc92ab84aecfd3a7ce20N
- Size
  
  50KB
- MD5
  
  356e663214be70c127a20d97a13b7b00
- SHA1
  
  9420b81b5c595cf2514e642d12654cfaa2825992
- SHA256
  
  76ce9371b65e9bc7a4ddcdabfbd867097490bf5e4feedc92ab84aecfd3a7ce20
- SHA512
  
  776257008a3c980778c86fb2d2c60475add0c667e820333219ca80a93b62567eb5243a962f661fcc8093f2b14e7080b9e31fbb12318b36bf822f80262ea7714e
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhl:KsdXfBo/DBJBGzkP5l
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan