urelas | b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e | Triage

Sharing

General

Target

b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e
Size

67KB
Sample

241116-b3ek5swnaz
MD5

50c120558fb0abc6c421072bdd0f0032
SHA1

8ff8418beb040c5c9f66202abea3b7a339ae4f7a
SHA256

b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e
SHA512

6f03f6c3dba2c4c6e23e97dd345d0b764cd31b41eb34e35db786718a233528b5903b3e817641de80dc9b5c61fac454d8a525904ce95da5499e68c6d3750c1809
SSDEEP

1536:v6fqsAPQYGmPzmZDDZrV8sMQXGkfn33n7z5WeIuhCarU:yLAYUzmdD0sMQl7d7IuhCag

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e
- Size
  
  67KB
- MD5
  
  50c120558fb0abc6c421072bdd0f0032
- SHA1
  
  8ff8418beb040c5c9f66202abea3b7a339ae4f7a
- SHA256
  
  b17de79fe99a08b69e342af556f9169eb04933003fb9fce745bf63ae01c9157e
- SHA512
  
  6f03f6c3dba2c4c6e23e97dd345d0b764cd31b41eb34e35db786718a233528b5903b3e817641de80dc9b5c61fac454d8a525904ce95da5499e68c6d3750c1809
- SSDEEP
  
  1536:v6fqsAPQYGmPzmZDDZrV8sMQXGkfn33n7z5WeIuhCarU:yLAYUzmdD0sMQl7d7IuhCag
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan