urelas | 67980c2d0d647df48bdedc9637049e7f6da945bd574f66f22538923f99f067fb | Triage

Sharing

General

Target

67980c2d0d647df48bdedc9637049e7f6da945bd574f66f22538923f99f067fbN.exe
Size

448KB
Sample

241115-tlajza1kbl
MD5

eab7f8c8a9a42c5880fdbf3929e15a70
SHA1

516886d2b2b05c7774c4aff0480a44f17152c79e
SHA256

67980c2d0d647df48bdedc9637049e7f6da945bd574f66f22538923f99f067fb
SHA512

efc09439cfce232e71bc5e97586355fe59ccf9d0a4c5c9a9332c95830a08dec42c3d00d818e6a5c983c1456848638f052ce0e4aca289a9fde70caf9ace59efbd
SSDEEP

6144:CEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpdFb:CMpASIcWYx2U6hAJQn6

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  67980c2d0d647df48bdedc9637049e7f6da945bd574f66f22538923f99f067fbN.exe
- Size
  
  448KB
- MD5
  
  eab7f8c8a9a42c5880fdbf3929e15a70
- SHA1
  
  516886d2b2b05c7774c4aff0480a44f17152c79e
- SHA256
  
  67980c2d0d647df48bdedc9637049e7f6da945bd574f66f22538923f99f067fb
- SHA512
  
  efc09439cfce232e71bc5e97586355fe59ccf9d0a4c5c9a9332c95830a08dec42c3d00d818e6a5c983c1456848638f052ce0e4aca289a9fde70caf9ace59efbd
- SSDEEP
  
  6144:CEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpdFb:CMpASIcWYx2U6hAJQn6
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan