urelas | 514cb875496dcf6bc5e35a95a11993a6cc951d3dcc123b284a9457d22c410254 | Triage

Sharing

General

Target

514cb875496dcf6bc5e35a95a11993a6cc951d3dcc123b284a9457d22c410254
Size

51KB
Sample

241115-1x1c4awrfm
MD5

57b846a6a331f151b127fe0c4a3a90f6
SHA1

33e3caedd0a30c5085446f5d38527caca05d8a16
SHA256

514cb875496dcf6bc5e35a95a11993a6cc951d3dcc123b284a9457d22c410254
SHA512

af56559ddc4b887cd34039008e443d24d023e28e8e18596e9900a030fd7953c3e516cead58527280f120dbc9375435a7a2459c46f1dfd5776a5fd29c65d8bc6d
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhP5:KsdXfBo/DBJBGzkP5P5

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  514cb875496dcf6bc5e35a95a11993a6cc951d3dcc123b284a9457d22c410254
- Size
  
  51KB
- MD5
  
  57b846a6a331f151b127fe0c4a3a90f6
- SHA1
  
  33e3caedd0a30c5085446f5d38527caca05d8a16
- SHA256
  
  514cb875496dcf6bc5e35a95a11993a6cc951d3dcc123b284a9457d22c410254
- SHA512
  
  af56559ddc4b887cd34039008e443d24d023e28e8e18596e9900a030fd7953c3e516cead58527280f120dbc9375435a7a2459c46f1dfd5776a5fd29c65d8bc6d
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhP5:KsdXfBo/DBJBGzkP5P5
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan