urelas | 797863e7e81c2300c16865f8f8d3c62867df75e65a8cb648d862aa7a8b9d4b63 | Triage

Sharing

General

Target

797863e7e81c2300c16865f8f8d3c62867df75e65a8cb648d862aa7a8b9d4b63.exe
Size

193KB
Sample

241122-kjf5asxnew
MD5

61680c917c1a19dac1b096853c2bcc5a
SHA1

16d8f43406c910483c0a4e1ea5327e0aa34058fc
SHA256

797863e7e81c2300c16865f8f8d3c62867df75e65a8cb648d862aa7a8b9d4b63
SHA512

fea54941f01c4391d6c307719f7c84fcead30a33f8ac3cc407d041969cb464ae58d6c86a1c9e5eabaa471f3d6b5fcc52be3b4d162bc63bb5f54d191a90273f07
SSDEEP

3072:gAwixCZ6Sh77R2Gpf606U8v0e7OIgPDFIbbzhPM67fIhA:gExhk7rh7NEOIYWlPM6r6A

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  797863e7e81c2300c16865f8f8d3c62867df75e65a8cb648d862aa7a8b9d4b63.exe
- Size
  
  193KB
- MD5
  
  61680c917c1a19dac1b096853c2bcc5a
- SHA1
  
  16d8f43406c910483c0a4e1ea5327e0aa34058fc
- SHA256
  
  797863e7e81c2300c16865f8f8d3c62867df75e65a8cb648d862aa7a8b9d4b63
- SHA512
  
  fea54941f01c4391d6c307719f7c84fcead30a33f8ac3cc407d041969cb464ae58d6c86a1c9e5eabaa471f3d6b5fcc52be3b4d162bc63bb5f54d191a90273f07
- SSDEEP
  
  3072:gAwixCZ6Sh77R2Gpf606U8v0e7OIgPDFIbbzhPM67fIhA:gExhk7rh7NEOIYWlPM6r6A
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan