urelas | d6d4fb47e8467d22c05f9d883047338283d478f67c3d06c1cd913912f29daaf7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6d4fb47e8467d22c05f9d883047338283d478f67c3d06c1cd913912f29daaf7N
Size

508KB
Sample

241106-p36lhszkcx
MD5

31574086dc57810c0f2cf1941e4f4120
SHA1

62f65220f27a18d399a930ccd5072201b300c34f
SHA256

d6d4fb47e8467d22c05f9d883047338283d478f67c3d06c1cd913912f29daaf7
SHA512

c37fd668056ab223d8da048beffa9e2f36146916de53e7bf8db72989f2cb10603aacdc94644e79d1647c1ee9d2f986158a75a90fd7add2c04eaa077a5d7d877a
SSDEEP

12288:Po7CGWcQSyYI2VrFKH5RBv9AQ1pEDdK5W/:PMUv2LAv9AQ1p4dKA/

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  d6d4fb47e8467d22c05f9d883047338283d478f67c3d06c1cd913912f29daaf7N
- Size
  
  508KB
- MD5
  
  31574086dc57810c0f2cf1941e4f4120
- SHA1
  
  62f65220f27a18d399a930ccd5072201b300c34f
- SHA256
  
  d6d4fb47e8467d22c05f9d883047338283d478f67c3d06c1cd913912f29daaf7
- SHA512
  
  c37fd668056ab223d8da048beffa9e2f36146916de53e7bf8db72989f2cb10603aacdc94644e79d1647c1ee9d2f986158a75a90fd7add2c04eaa077a5d7d877a
- SSDEEP
  
  12288:Po7CGWcQSyYI2VrFKH5RBv9AQ1pEDdK5W/:PMUv2LAv9AQ1p4dKA/
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan