urelas | 81faf47e279217ddb4f9ef8f147697c7fb80a1f36464b801c774d34dcb99a11d | Triage

Sharing

General

Target

81faf47e279217ddb4f9ef8f147697c7fb80a1f36464b801c774d34dcb99a11dN.exe
Size

274KB
Sample

241122-2n2egaxlgk
MD5

a153677f0478feae8acc9e7d88da37b0
SHA1

491ec8d033805fb58a0879d27521670386ec48fe
SHA256

81faf47e279217ddb4f9ef8f147697c7fb80a1f36464b801c774d34dcb99a11d
SHA512

a216626d8a7498bcc247aa20647382202c4cf851bb1dc54b19138636006b1762a318e581b46997bb020c21d2f244a10e98ded600ba68598979fa2980f3f22b7b
SSDEEP

3072:pp56zRJ83+OJ7NoGvdwWy6k04yW/KME0jj0wA6c:pOzRWu27dlOd5W0In

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  81faf47e279217ddb4f9ef8f147697c7fb80a1f36464b801c774d34dcb99a11dN.exe
- Size
  
  274KB
- MD5
  
  a153677f0478feae8acc9e7d88da37b0
- SHA1
  
  491ec8d033805fb58a0879d27521670386ec48fe
- SHA256
  
  81faf47e279217ddb4f9ef8f147697c7fb80a1f36464b801c774d34dcb99a11d
- SHA512
  
  a216626d8a7498bcc247aa20647382202c4cf851bb1dc54b19138636006b1762a318e581b46997bb020c21d2f244a10e98ded600ba68598979fa2980f3f22b7b
- SSDEEP
  
  3072:pp56zRJ83+OJ7NoGvdwWy6k04yW/KME0jj0wA6c:pOzRWu27dlOd5W0In
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan