urelas | 13e64d000514469371c856753fbada0ad3702cc8c878a36ba88623ce7f321899 | Triage

Sharing

General

Target

13e64d000514469371c856753fbada0ad3702cc8c878a36ba88623ce7f321899.exe
Size

71KB
Sample

241124-xn824atqas
MD5

24932fd070e98fbbdb2c175639cf9aca
SHA1

60a1680e111514923714318ebff16340ef4959fe
SHA256

13e64d000514469371c856753fbada0ad3702cc8c878a36ba88623ce7f321899
SHA512

188db705003ec54c635a1cea66cb5db5c75ad216ddc73494c412102b3f4fd8820728681050b39a8ed1f78ba606e67eda3533689c2ce386582aff38053841fa72
SSDEEP

1536:v6fqsAPQYGmPzmZDDZrV8sMQXGkfn33n7z5WeIuhCarawW:yLAYUzmdD0sMQl7d7IuhCaeh

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  13e64d000514469371c856753fbada0ad3702cc8c878a36ba88623ce7f321899.exe
- Size
  
  71KB
- MD5
  
  24932fd070e98fbbdb2c175639cf9aca
- SHA1
  
  60a1680e111514923714318ebff16340ef4959fe
- SHA256
  
  13e64d000514469371c856753fbada0ad3702cc8c878a36ba88623ce7f321899
- SHA512
  
  188db705003ec54c635a1cea66cb5db5c75ad216ddc73494c412102b3f4fd8820728681050b39a8ed1f78ba606e67eda3533689c2ce386582aff38053841fa72
- SSDEEP
  
  1536:v6fqsAPQYGmPzmZDDZrV8sMQXGkfn33n7z5WeIuhCarawW:yLAYUzmdD0sMQl7d7IuhCaeh
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan