urelas

General

Target

36d7e058cf340be06eedf13fa2180bdc4b570a5166113096825352a3d67d38c3.exe
Size

331KB
Sample

241113-q4mqgasmcy
MD5

a77e24c20018b1ab66b58aa944c5de9c
SHA1

154763d2824785ac6e3167ecc4cd74ebe457c8ef
SHA256

36d7e058cf340be06eedf13fa2180bdc4b570a5166113096825352a3d67d38c3
SHA512

10b0ee9b0378525cb0a23637a08c6b548009c11c12b7123302e514fd180734fcfb35454dabfd9042f35348983f07600e5bcf211e2f019d9b358159124a0fcd30
SSDEEP

3072:NdXi+V5Kgxpdxj8gbib20xTyst542t8ZHWBow8+zoB91wDQgJl0x2AEMenKbZisd:Nd7rpL43btmQ58Z27zw39gY2FeZh4w

Score

10^/10

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  36d7e058cf340be06eedf13fa2180bdc4b570a5166113096825352a3d67d38c3.exe
- Size
  
  331KB
- MD5
  
  a77e24c20018b1ab66b58aa944c5de9c
- SHA1
  
  154763d2824785ac6e3167ecc4cd74ebe457c8ef
- SHA256
  
  36d7e058cf340be06eedf13fa2180bdc4b570a5166113096825352a3d67d38c3
- SHA512
  
  10b0ee9b0378525cb0a23637a08c6b548009c11c12b7123302e514fd180734fcfb35454dabfd9042f35348983f07600e5bcf211e2f019d9b358159124a0fcd30
- SSDEEP
  
  3072:NdXi+V5Kgxpdxj8gbib20xTyst542t8ZHWBow8+zoB91wDQgJl0x2AEMenKbZisd:Nd7rpL43btmQ58Z27zw39gY2FeZh4w
Score

10^/10

urelas aspackv2 discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Urelas family

ASPack v2.12-2.42

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2