urelas | c58a54e493ed28635efc5218a3830a3ce759603e7e9ab3a15b625b51281179ee | Triage

Sharing

General

Target

c58a54e493ed28635efc5218a3830a3ce759603e7e9ab3a15b625b51281179eeN
Size

169KB
Sample

241110-mp45esvhjg
MD5

547433b1c994e7537f4849297fcca790
SHA1

d7c44fbca8f6516b04243c11936ad08a4067cdaf
SHA256

c58a54e493ed28635efc5218a3830a3ce759603e7e9ab3a15b625b51281179ee
SHA512

6ecc131cbef5c3af4022e7cbf01e951f7bcb6808445e88c5f2f5b5d1bc9e57784dfe2b6487d90b6b9ace6b5482822c0514ee82b383eddf980fbebaa7408dc78d
SSDEEP

3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXPC:yOzRWu27dlOd5/YWVK

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  c58a54e493ed28635efc5218a3830a3ce759603e7e9ab3a15b625b51281179eeN
- Size
  
  169KB
- MD5
  
  547433b1c994e7537f4849297fcca790
- SHA1
  
  d7c44fbca8f6516b04243c11936ad08a4067cdaf
- SHA256
  
  c58a54e493ed28635efc5218a3830a3ce759603e7e9ab3a15b625b51281179ee
- SHA512
  
  6ecc131cbef5c3af4022e7cbf01e951f7bcb6808445e88c5f2f5b5d1bc9e57784dfe2b6487d90b6b9ace6b5482822c0514ee82b383eddf980fbebaa7408dc78d
- SSDEEP
  
  3072:yp56zRJ83+OJ7NoGvdwWy6k04yW/KR0Yx4BXPC:yOzRWu27dlOd5/YWVK
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan