urelas | d562d6c69be6d0ad0747669afc33b816418ad308fb7a5538283dcff855aa9609 | Triage

Sharing

General

Target

d562d6c69be6d0ad0747669afc33b816418ad308fb7a5538283dcff855aa9609.exe
Size

60KB
Sample

241123-khqmca1rdx
MD5

b69b16d0966887877d90b1fad059b7f7
SHA1

144c90f6f4adf02f3495002c61646c8e719d4f3c
SHA256

d562d6c69be6d0ad0747669afc33b816418ad308fb7a5538283dcff855aa9609
SHA512

179bf4b4eb358c7c5cd4d0ff394ab5492667e8db75eeb197ba950960a0c2beb02ab722ed80669cda2b4eee843d9c451c1483186a8b077f91bb9c2eb7bdb236da
SSDEEP

1536:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd9/l:K0GAqjuVZ6rNO99

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  d562d6c69be6d0ad0747669afc33b816418ad308fb7a5538283dcff855aa9609.exe
- Size
  
  60KB
- MD5
  
  b69b16d0966887877d90b1fad059b7f7
- SHA1
  
  144c90f6f4adf02f3495002c61646c8e719d4f3c
- SHA256
  
  d562d6c69be6d0ad0747669afc33b816418ad308fb7a5538283dcff855aa9609
- SHA512
  
  179bf4b4eb358c7c5cd4d0ff394ab5492667e8db75eeb197ba950960a0c2beb02ab722ed80669cda2b4eee843d9c451c1483186a8b077f91bb9c2eb7bdb236da
- SSDEEP
  
  1536:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd9/l:K0GAqjuVZ6rNO99
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan