urelas | 99707ea09d06eb7f68d3d95581157bdf76b97e890f9f514932ed1622c1df760a | Triage

Sharing

General

Target

99707ea09d06eb7f68d3d95581157bdf76b97e890f9f514932ed1622c1df760a.exe
Size

620KB
Sample

241123-216vqaxnfm
MD5

65d35b2b7a3f133701ff00a1e76afb42
SHA1

ec13f2169dcdfbb314a5310ae662b3581e725ad9
SHA256

99707ea09d06eb7f68d3d95581157bdf76b97e890f9f514932ed1622c1df760a
SHA512

3de79931df7ce7837ee94333eba2ac58dac762c8dc5b9a04260a829178580c7213a57017a6a1d8fcb2f338db4337d1d6a6ee13bbedaf8d0111a48008ec34cadc
SSDEEP

6144:imbmLppYOuakYGWV5Q4XMxvQ4x1OpGcm9VQl0lM/oJ4/gupXWyKvt:ima6idv8zzkGHVqoq/gKW9

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  99707ea09d06eb7f68d3d95581157bdf76b97e890f9f514932ed1622c1df760a.exe
- Size
  
  620KB
- MD5
  
  65d35b2b7a3f133701ff00a1e76afb42
- SHA1
  
  ec13f2169dcdfbb314a5310ae662b3581e725ad9
- SHA256
  
  99707ea09d06eb7f68d3d95581157bdf76b97e890f9f514932ed1622c1df760a
- SHA512
  
  3de79931df7ce7837ee94333eba2ac58dac762c8dc5b9a04260a829178580c7213a57017a6a1d8fcb2f338db4337d1d6a6ee13bbedaf8d0111a48008ec34cadc
- SSDEEP
  
  6144:imbmLppYOuakYGWV5Q4XMxvQ4x1OpGcm9VQl0lM/oJ4/gupXWyKvt:ima6idv8zzkGHVqoq/gKW9
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan