urelas | 4a9b5551e62974c62d274323b1902155645660d6d0ad6bfd7ba6f604d47b136c | Triage

Sharing

General

Target

4a9b5551e62974c62d274323b1902155645660d6d0ad6bfd7ba6f604d47b136c.exe
Size

57KB
Sample

241119-p9lvpaxbln
MD5

200a6c6846002ae2b9291e41fa9f8c17
SHA1

711392307d01fc3c71579a74b06f07cf6d67a3b3
SHA256

4a9b5551e62974c62d274323b1902155645660d6d0ad6bfd7ba6f604d47b136c
SHA512

ff85709b9e0d76f429286cbee238f8c3614756f90c63fc14f8e24dc0b83033b70aba974b9ec544331f3fa094f0f1ea24ccd4a071940e623a5be7ff5d89477801
SSDEEP

1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl15:amZ+luXwy2f9LDhD5

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  4a9b5551e62974c62d274323b1902155645660d6d0ad6bfd7ba6f604d47b136c.exe
- Size
  
  57KB
- MD5
  
  200a6c6846002ae2b9291e41fa9f8c17
- SHA1
  
  711392307d01fc3c71579a74b06f07cf6d67a3b3
- SHA256
  
  4a9b5551e62974c62d274323b1902155645660d6d0ad6bfd7ba6f604d47b136c
- SHA512
  
  ff85709b9e0d76f429286cbee238f8c3614756f90c63fc14f8e24dc0b83033b70aba974b9ec544331f3fa094f0f1ea24ccd4a071940e623a5be7ff5d89477801
- SSDEEP
  
  1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl15:amZ+luXwy2f9LDhD5
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan