urelas | a75ad7afda019d2648d07451bdc13beffe0afe240b2def24e3312e6c9eb51429 | Triage

Sharing

General

Target

a75ad7afda019d2648d07451bdc13beffe0afe240b2def24e3312e6c9eb51429N.exe
Size

332KB
Sample

241113-3r14jsvlgq
MD5

926d44f877c6b8877309b7dc186c5650
SHA1

d21eb91f9d20bb0d3a3ccd5edd4dd48d900a54df
SHA256

a75ad7afda019d2648d07451bdc13beffe0afe240b2def24e3312e6c9eb51429
SHA512

486b60f8b1ee93f7b52f8f911e4284b7c384a23a68e4736d5fd6b9dd97c1be5cae23f24fce95f11c98e954bfb029ef55d84bab57dcc9fbbeda6a61e4b6548fc2
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVO:vHW138/iXWlK885rKlGSekcj66ciEO

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  a75ad7afda019d2648d07451bdc13beffe0afe240b2def24e3312e6c9eb51429N.exe
- Size
  
  332KB
- MD5
  
  926d44f877c6b8877309b7dc186c5650
- SHA1
  
  d21eb91f9d20bb0d3a3ccd5edd4dd48d900a54df
- SHA256
  
  a75ad7afda019d2648d07451bdc13beffe0afe240b2def24e3312e6c9eb51429
- SHA512
  
  486b60f8b1ee93f7b52f8f911e4284b7c384a23a68e4736d5fd6b9dd97c1be5cae23f24fce95f11c98e954bfb029ef55d84bab57dcc9fbbeda6a61e4b6548fc2
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVO:vHW138/iXWlK885rKlGSekcj66ciEO
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan