urelas | 981daf685ec04460f9f1a008ea3cfb2c8302a8c16814c39fba29a959d442cf08 | Triage

Sharing

General

Target

981daf685ec04460f9f1a008ea3cfb2c8302a8c16814c39fba29a959d442cf08N
Size

65KB
Sample

241109-v2x6msyeqc
MD5

d4efc4695bd947d17434f865ecd6aa20
SHA1

3b9a2e78df4e4aaa8a7432885d1275536f6de4dc
SHA256

981daf685ec04460f9f1a008ea3cfb2c8302a8c16814c39fba29a959d442cf08
SHA512

5c92d570b6c13c294aa21102276df61548af04c4a174a24051e256647a25bb578037fad31256194d953789488a6a44932023fc13b5765f7a7b99d56b37aa6779
SSDEEP

1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTm/:6bQRSHpAvzyf7MzeTY

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  981daf685ec04460f9f1a008ea3cfb2c8302a8c16814c39fba29a959d442cf08N
- Size
  
  65KB
- MD5
  
  d4efc4695bd947d17434f865ecd6aa20
- SHA1
  
  3b9a2e78df4e4aaa8a7432885d1275536f6de4dc
- SHA256
  
  981daf685ec04460f9f1a008ea3cfb2c8302a8c16814c39fba29a959d442cf08
- SHA512
  
  5c92d570b6c13c294aa21102276df61548af04c4a174a24051e256647a25bb578037fad31256194d953789488a6a44932023fc13b5765f7a7b99d56b37aa6779
- SSDEEP
  
  1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTm/:6bQRSHpAvzyf7MzeTY
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan