urelas | 70bb5d2d8911581197f8b5f790797cc820b3734d6a1cfaa1a4050bb0ecf5181f | Triage

Sharing

General

Target

70bb5d2d8911581197f8b5f790797cc820b3734d6a1cfaa1a4050bb0ecf5181fN.exe
Size

141KB
Sample

241207-c2tt4sxkhn
MD5

ab8d41e8e3e63a68daa652ac6eba70e0
SHA1

931a9f6e214e62b774707afaf29c05429a1f6fce
SHA256

70bb5d2d8911581197f8b5f790797cc820b3734d6a1cfaa1a4050bb0ecf5181f
SHA512

750bef7183b003d8e61e0e147bb9fea8db7b984e8105dde0b09e3e94eb5b864d39c733728da0b0dba5da0feeeb161126148edc19d9b2ca28c9665e075284fccb
SSDEEP

1536:P/oEkqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdf6odgR5APfIQ:P/5kqCxiXEcO3XfGf2tMUf6odgR5A4Q

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  70bb5d2d8911581197f8b5f790797cc820b3734d6a1cfaa1a4050bb0ecf5181fN.exe
- Size
  
  141KB
- MD5
  
  ab8d41e8e3e63a68daa652ac6eba70e0
- SHA1
  
  931a9f6e214e62b774707afaf29c05429a1f6fce
- SHA256
  
  70bb5d2d8911581197f8b5f790797cc820b3734d6a1cfaa1a4050bb0ecf5181f
- SHA512
  
  750bef7183b003d8e61e0e147bb9fea8db7b984e8105dde0b09e3e94eb5b864d39c733728da0b0dba5da0feeeb161126148edc19d9b2ca28c9665e075284fccb
- SSDEEP
  
  1536:P/oEkqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdf6odgR5APfIQ:P/5kqCxiXEcO3XfGf2tMUf6odgR5A4Q
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan