urelas | bc7de65b572f1f8243f9e49e3794569e799dd72aafecc9d4d4ee7aa73736f7fc | Triage

Sharing

General

Target

bc7de65b572f1f8243f9e49e3794569e799dd72aafecc9d4d4ee7aa73736f7fc
Size

51KB
Sample

241116-1s2elatnhz
MD5

7226eea86d04146b35dde8bbb956b2f1
SHA1

c8e54faeeebe20f6de8a8a56bedc62abaf721f58
SHA256

bc7de65b572f1f8243f9e49e3794569e799dd72aafecc9d4d4ee7aa73736f7fc
SHA512

9ba710dd170193f2ffc1be9bce40cea06c61ee40cf256191b642f1951bf24d41162789591d2835e7da4013a5ee37404088312fe450ec4f10e51fddd11c117f2b
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPn:KsdXfBo/DBJBGzkP5Pn

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  bc7de65b572f1f8243f9e49e3794569e799dd72aafecc9d4d4ee7aa73736f7fc
- Size
  
  51KB
- MD5
  
  7226eea86d04146b35dde8bbb956b2f1
- SHA1
  
  c8e54faeeebe20f6de8a8a56bedc62abaf721f58
- SHA256
  
  bc7de65b572f1f8243f9e49e3794569e799dd72aafecc9d4d4ee7aa73736f7fc
- SHA512
  
  9ba710dd170193f2ffc1be9bce40cea06c61ee40cf256191b642f1951bf24d41162789591d2835e7da4013a5ee37404088312fe450ec4f10e51fddd11c117f2b
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPn:KsdXfBo/DBJBGzkP5Pn
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan