urelas | 163e01454cde70539009b236175d4b9a6814732161042c8cd78d0c0c14a2ca61 | Triage

Sharing

General

Target

163e01454cde70539009b236175d4b9a6814732161042c8cd78d0c0c14a2ca61
Size

55KB
Sample

241117-dg5asayncs
MD5

0380f71ecd0968fbf61c40ad60c4aef1
SHA1

d39bc1b54a8cad59cf8a8bd2789834204a931997
SHA256

163e01454cde70539009b236175d4b9a6814732161042c8cd78d0c0c14a2ca61
SHA512

46c92b30c384efd00c0751f0c88649e96963879eea98fdb60cd635f0fcb94c280de78f8c4eca520684f6fccf9f1fde8f0b1dc3e20f873679e5087ad2be65981c
SSDEEP

1536:qw788avzI+on+TqOK0cHMqtzMLvWsrupwnTf1GqT7u:qwda7KVr0cHneunw1u

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  163e01454cde70539009b236175d4b9a6814732161042c8cd78d0c0c14a2ca61
- Size
  
  55KB
- MD5
  
  0380f71ecd0968fbf61c40ad60c4aef1
- SHA1
  
  d39bc1b54a8cad59cf8a8bd2789834204a931997
- SHA256
  
  163e01454cde70539009b236175d4b9a6814732161042c8cd78d0c0c14a2ca61
- SHA512
  
  46c92b30c384efd00c0751f0c88649e96963879eea98fdb60cd635f0fcb94c280de78f8c4eca520684f6fccf9f1fde8f0b1dc3e20f873679e5087ad2be65981c
- SSDEEP
  
  1536:qw788avzI+on+TqOK0cHMqtzMLvWsrupwnTf1GqT7u:qwda7KVr0cHneunw1u
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan