urelas | b8cddc5134178bcf00f7e32c8d8229002fcf3bc6a5c689f42c76ab24577f14c5 | Triage

Sharing

General

Target

b8cddc5134178bcf00f7e32c8d8229002fcf3bc6a5c689f42c76ab24577f14c5
Size

55KB
Sample

241124-c6zadszncz
MD5

2560434d7a5b2647f07593ad6d8a6d10
SHA1

13dda438bf017484aac809ee7887039bf8d2fffa
SHA256

b8cddc5134178bcf00f7e32c8d8229002fcf3bc6a5c689f42c76ab24577f14c5
SHA512

bed17b60f905fa66383eef0f08de030707d70e1b4e0884f36ce0ff9f0e6e61c1819817517009167c1e8cd65c045185b77b0f4028b1bfb824f7ab954099f379f8
SSDEEP

1536:qw788avzI+on+TqOK0cHMqtzMLvWsrupwnTf1GqT7O:qwda7KVr0cHneunw1O

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  b8cddc5134178bcf00f7e32c8d8229002fcf3bc6a5c689f42c76ab24577f14c5
- Size
  
  55KB
- MD5
  
  2560434d7a5b2647f07593ad6d8a6d10
- SHA1
  
  13dda438bf017484aac809ee7887039bf8d2fffa
- SHA256
  
  b8cddc5134178bcf00f7e32c8d8229002fcf3bc6a5c689f42c76ab24577f14c5
- SHA512
  
  bed17b60f905fa66383eef0f08de030707d70e1b4e0884f36ce0ff9f0e6e61c1819817517009167c1e8cd65c045185b77b0f4028b1bfb824f7ab954099f379f8
- SSDEEP
  
  1536:qw788avzI+on+TqOK0cHMqtzMLvWsrupwnTf1GqT7O:qwda7KVr0cHneunw1O
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan