urelas | 56a74e83d8e3c75a7bcc8d96a62e8888acc28e70bb83b41e0227a2f03e0e9313 | Triage

Sharing

General

Target

56a74e83d8e3c75a7bcc8d96a62e8888acc28e70bb83b41e0227a2f03e0e9313N
Size

168KB
Sample

241031-g4lzhazqhv
MD5

c4fd1a2a1454b47763044537512fc850
SHA1

f1b765caafc9383770589afa294ce6001cce30f9
SHA256

56a74e83d8e3c75a7bcc8d96a62e8888acc28e70bb83b41e0227a2f03e0e9313
SHA512

548c90238039fa7c5b59e99310142eb25205cac2ae6ac0084fbb205796ea3f9a6db6d2b97dc0d90b0717b3693d8bc15fdf8c7399016e2794b30a1bbd99a5d09d
SSDEEP

1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTf/K:eADA0Wc7UJ6LZMaHLW65DE8pxWq

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  56a74e83d8e3c75a7bcc8d96a62e8888acc28e70bb83b41e0227a2f03e0e9313N
- Size
  
  168KB
- MD5
  
  c4fd1a2a1454b47763044537512fc850
- SHA1
  
  f1b765caafc9383770589afa294ce6001cce30f9
- SHA256
  
  56a74e83d8e3c75a7bcc8d96a62e8888acc28e70bb83b41e0227a2f03e0e9313
- SHA512
  
  548c90238039fa7c5b59e99310142eb25205cac2ae6ac0084fbb205796ea3f9a6db6d2b97dc0d90b0717b3693d8bc15fdf8c7399016e2794b30a1bbd99a5d09d
- SSDEEP
  
  1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTf/K:eADA0Wc7UJ6LZMaHLW65DE8pxWq
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan