urelas | e617ae79347e23e7aca6ff543945f2a576b9cee0b59256602fb1def768b2e461 | Triage

Sharing

General

Target

e617ae79347e23e7aca6ff543945f2a576b9cee0b59256602fb1def768b2e461N
Size

51KB
Sample

241110-p41fwszpcl
MD5

661a249cf780d55198ae7370d5a3d350
SHA1

6281c61e873f5ab5b8646518000b22ee49e8beb1
SHA256

e617ae79347e23e7aca6ff543945f2a576b9cee0b59256602fb1def768b2e461
SHA512

6913c2a82b5f58dcbac78bcd2f4aee98b5ad6f302cfffc03b04bc6621f3aff60bab61927e9ee58335f00a0739b9b913c48316224dbdb0d0ab9d0d206fd89ff15
SSDEEP

1536:lVeVFl6sRsDnQi1Mek/pFRMfKaP7cFwQkXuJXqmrh:v23sD1vSP6cOYXqmF

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  e617ae79347e23e7aca6ff543945f2a576b9cee0b59256602fb1def768b2e461N
- Size
  
  51KB
- MD5
  
  661a249cf780d55198ae7370d5a3d350
- SHA1
  
  6281c61e873f5ab5b8646518000b22ee49e8beb1
- SHA256
  
  e617ae79347e23e7aca6ff543945f2a576b9cee0b59256602fb1def768b2e461
- SHA512
  
  6913c2a82b5f58dcbac78bcd2f4aee98b5ad6f302cfffc03b04bc6621f3aff60bab61927e9ee58335f00a0739b9b913c48316224dbdb0d0ab9d0d206fd89ff15
- SSDEEP
  
  1536:lVeVFl6sRsDnQi1Mek/pFRMfKaP7cFwQkXuJXqmrh:v23sD1vSP6cOYXqmF
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan