urelas | ced45d6a3c829dfb89d06f75602f1023b930a028e0bf806ae3d29158cc8f8e39 | Triage

Sharing

General

Target

ced45d6a3c829dfb89d06f75602f1023b930a028e0bf806ae3d29158cc8f8e39N
Size

169KB
Sample

241104-dtx28ssgmp
MD5

8ca738322d9938b6d126985f167a4fc0
SHA1

1c66ba9c7db6706a869716a7359323eca3e144f8
SHA256

ced45d6a3c829dfb89d06f75602f1023b930a028e0bf806ae3d29158cc8f8e39
SHA512

8ccd05e10f18aa3c2b85111d095be6efb3c205fc414480a19b9d8889392583a7ceb65c73586593bb700c09975d0c023fc279017b42f4cff1d89bfbfae3b0a987
SSDEEP

3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXPO:yOzRWu27dlOd5/YWVm

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  ced45d6a3c829dfb89d06f75602f1023b930a028e0bf806ae3d29158cc8f8e39N
- Size
  
  169KB
- MD5
  
  8ca738322d9938b6d126985f167a4fc0
- SHA1
  
  1c66ba9c7db6706a869716a7359323eca3e144f8
- SHA256
  
  ced45d6a3c829dfb89d06f75602f1023b930a028e0bf806ae3d29158cc8f8e39
- SHA512
  
  8ccd05e10f18aa3c2b85111d095be6efb3c205fc414480a19b9d8889392583a7ceb65c73586593bb700c09975d0c023fc279017b42f4cff1d89bfbfae3b0a987
- SSDEEP
  
  3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXPO:yOzRWu27dlOd5/YWVm
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan