urelas | 2e224ba39029059c6b2b733e71e8e0d722505175bce8cc149ab032c043b8ab37 | Triage

Sharing

General

Target

2e224ba39029059c6b2b733e71e8e0d722505175bce8cc149ab032c043b8ab37
Size

57KB
Sample

241107-z5jjwayeql
MD5

7053b173e7d6b31f83d2c4e61bb2b56f
SHA1

91b85fba135dab8aaf6909422daf44b26e5cd43c
SHA256

2e224ba39029059c6b2b733e71e8e0d722505175bce8cc149ab032c043b8ab37
SHA512

488210d5ecd76968d960c5b753c7d3ca03bf98f39836f6489eae0f72d4147fb68ddcc66839791aecc98ceb08c585f8f61d36b2b75fb869db17b32f7d813ceded
SSDEEP

1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl1Ak:amZ+luXwy2f9LDhDAk

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  2e224ba39029059c6b2b733e71e8e0d722505175bce8cc149ab032c043b8ab37
- Size
  
  57KB
- MD5
  
  7053b173e7d6b31f83d2c4e61bb2b56f
- SHA1
  
  91b85fba135dab8aaf6909422daf44b26e5cd43c
- SHA256
  
  2e224ba39029059c6b2b733e71e8e0d722505175bce8cc149ab032c043b8ab37
- SHA512
  
  488210d5ecd76968d960c5b753c7d3ca03bf98f39836f6489eae0f72d4147fb68ddcc66839791aecc98ceb08c585f8f61d36b2b75fb869db17b32f7d813ceded
- SSDEEP
  
  1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl1Ak:amZ+luXwy2f9LDhDAk
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan