urelas | 3b23e01ccddcce6ea19bbfd03a139ff40971d0fbae1838a810fc974067618bfc | Triage

Sharing

General

Target

3b23e01ccddcce6ea19bbfd03a139ff40971d0fbae1838a810fc974067618bfc
Size

169KB
Sample

241108-1mblzszlby
MD5

a48ec8742c239425eb97f1976946de02
SHA1

e8b55b254d54e5a602b389f3cd13cacd20dc3f52
SHA256

3b23e01ccddcce6ea19bbfd03a139ff40971d0fbae1838a810fc974067618bfc
SHA512

2737187742a75f8382cfc09055474faba9d3652f306791d8fd04d6920b8a745f62a5c29759c711a68eb91ea301057ec5d74767b1780ec521a53b8eef7585a9f7
SSDEEP

3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXP1:yOzRWu27dlOd5/YWV9

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  3b23e01ccddcce6ea19bbfd03a139ff40971d0fbae1838a810fc974067618bfc
- Size
  
  169KB
- MD5
  
  a48ec8742c239425eb97f1976946de02
- SHA1
  
  e8b55b254d54e5a602b389f3cd13cacd20dc3f52
- SHA256
  
  3b23e01ccddcce6ea19bbfd03a139ff40971d0fbae1838a810fc974067618bfc
- SHA512
  
  2737187742a75f8382cfc09055474faba9d3652f306791d8fd04d6920b8a745f62a5c29759c711a68eb91ea301057ec5d74767b1780ec521a53b8eef7585a9f7
- SSDEEP
  
  3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXP1:yOzRWu27dlOd5/YWV9
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan