urelas | 88c1dfa202eee64dc73b932f7a0e94e213f18d8ee5fb8e0c8f595ecde58456f0 | Triage

Sharing

General

Target

88c1dfa202eee64dc73b932f7a0e94e213f18d8ee5fb8e0c8f595ecde58456f0
Size

332KB
Sample

241108-bmqy8svjdp
MD5

35506475a0a8a4c0429a15340d2fab27
SHA1

35e70cac093ecc3e47a88bcecea97b8b0b893560
SHA256

88c1dfa202eee64dc73b932f7a0e94e213f18d8ee5fb8e0c8f595ecde58456f0
SHA512

4b9c4bea129d323f0d637a5fa60d37ca3c6400a5b7463a8b9811455edcb3492982b882178f2af9c5d1af21b397b42dd98d0e82db93ac6e09097bbf11115860db
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVF:vHW138/iXWlK885rKlGSekcj66ciEF

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  88c1dfa202eee64dc73b932f7a0e94e213f18d8ee5fb8e0c8f595ecde58456f0
- Size
  
  332KB
- MD5
  
  35506475a0a8a4c0429a15340d2fab27
- SHA1
  
  35e70cac093ecc3e47a88bcecea97b8b0b893560
- SHA256
  
  88c1dfa202eee64dc73b932f7a0e94e213f18d8ee5fb8e0c8f595ecde58456f0
- SHA512
  
  4b9c4bea129d323f0d637a5fa60d37ca3c6400a5b7463a8b9811455edcb3492982b882178f2af9c5d1af21b397b42dd98d0e82db93ac6e09097bbf11115860db
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVF:vHW138/iXWlK885rKlGSekcj66ciEF
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan