urelas | 663a4dd3a5a074e4f1a0fbaa37f39d7d3c3b3444c1aa2c85fa72d6fae0f5caa2 | Triage

Sharing

General

Target

663a4dd3a5a074e4f1a0fbaa37f39d7d3c3b3444c1aa2c85fa72d6fae0f5caa2
Size

51KB
Sample

241119-3gzsqswbrm
MD5

44cce61aef1505565c26b5a6a4feb431
SHA1

8d0055e802ca471807788767931b878f555133c5
SHA256

663a4dd3a5a074e4f1a0fbaa37f39d7d3c3b3444c1aa2c85fa72d6fae0f5caa2
SHA512

0de33dc74e5bf058dd957e5453f4443df04672c08ec2e5138e0a83403fa7ea39893948ce8b673878b609c2ce8537aa14bacb61ed9abde3fc8982223cfd357582
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhj:KsdXfBo/DBJBGzkP5j

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  663a4dd3a5a074e4f1a0fbaa37f39d7d3c3b3444c1aa2c85fa72d6fae0f5caa2
- Size
  
  51KB
- MD5
  
  44cce61aef1505565c26b5a6a4feb431
- SHA1
  
  8d0055e802ca471807788767931b878f555133c5
- SHA256
  
  663a4dd3a5a074e4f1a0fbaa37f39d7d3c3b3444c1aa2c85fa72d6fae0f5caa2
- SHA512
  
  0de33dc74e5bf058dd957e5453f4443df04672c08ec2e5138e0a83403fa7ea39893948ce8b673878b609c2ce8537aa14bacb61ed9abde3fc8982223cfd357582
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhj:KsdXfBo/DBJBGzkP5j
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan