urelas | dd9d798378ebf628908c73cfc8294f7c6442fdb9fcf95e19fd0cc155668d9d68 | Triage

Sharing

General

Target

dd9d798378ebf628908c73cfc8294f7c6442fdb9fcf95e19fd0cc155668d9d68.exe
Size

66KB
Sample

241119-bm2qqsykaz
MD5

fd542f27e63cefa1e19c82af964d29f8
SHA1

bf4db0dfd51e3ba49406d5b08da935bbf701a457
SHA256

dd9d798378ebf628908c73cfc8294f7c6442fdb9fcf95e19fd0cc155668d9d68
SHA512

5270df660ff01f6421b2ca7d7ffecef687bc0f4e2c32f65864002f565e44a178fd6cab3bb13b0d16382764d1d51322aea4d36e662dfd3cbc5236399b77f1c7a3
SSDEEP

1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTmUD0l:6bQRSHpAvzyf7MzeThD0l

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  dd9d798378ebf628908c73cfc8294f7c6442fdb9fcf95e19fd0cc155668d9d68.exe
- Size
  
  66KB
- MD5
  
  fd542f27e63cefa1e19c82af964d29f8
- SHA1
  
  bf4db0dfd51e3ba49406d5b08da935bbf701a457
- SHA256
  
  dd9d798378ebf628908c73cfc8294f7c6442fdb9fcf95e19fd0cc155668d9d68
- SHA512
  
  5270df660ff01f6421b2ca7d7ffecef687bc0f4e2c32f65864002f565e44a178fd6cab3bb13b0d16382764d1d51322aea4d36e662dfd3cbc5236399b77f1c7a3
- SSDEEP
  
  1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTmUD0l:6bQRSHpAvzyf7MzeThD0l
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan