urelas | e5c7b1ef09cd55ccf5394e8bfd90f68877c3c136f4e160b0ddea3fbee360986b | Triage

Sharing

General

Target

e5c7b1ef09cd55ccf5394e8bfd90f68877c3c136f4e160b0ddea3fbee360986b
Size

57KB
Sample

241130-fsmafstpb1
MD5

925597f9fefce73dd4bbd37750f223f0
SHA1

29d996364960f85edc3924fe6a370e04af6b2ea0
SHA256

e5c7b1ef09cd55ccf5394e8bfd90f68877c3c136f4e160b0ddea3fbee360986b
SHA512

7e3e1807ea2aca5f662d78c36a7dfa969be3708bc14c2a4532d0bc6f61de3f1014112c29f62939c58a57dbb046bc252ecc4d8c1ce0e3f55bb13f57b2ae88535f
SSDEEP

1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS8N/U:MOemdTd1o74qlmbbJ+x+Ik3U

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  e5c7b1ef09cd55ccf5394e8bfd90f68877c3c136f4e160b0ddea3fbee360986b
- Size
  
  57KB
- MD5
  
  925597f9fefce73dd4bbd37750f223f0
- SHA1
  
  29d996364960f85edc3924fe6a370e04af6b2ea0
- SHA256
  
  e5c7b1ef09cd55ccf5394e8bfd90f68877c3c136f4e160b0ddea3fbee360986b
- SHA512
  
  7e3e1807ea2aca5f662d78c36a7dfa969be3708bc14c2a4532d0bc6f61de3f1014112c29f62939c58a57dbb046bc252ecc4d8c1ce0e3f55bb13f57b2ae88535f
- SSDEEP
  
  1536:MQPzemdaNqAPG17k74qlmbbVgYyvxcd5jnGWqN7kS8N/U:MOemdTd1o74qlmbbJ+x+Ik3U
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan