urelas | 644182d7f93dd2ecfd6f48e41c19d43868b8417aaa5a62092b7fb70eba72c1e1 | Triage

Sharing

General

Target

644182d7f93dd2ecfd6f48e41c19d43868b8417aaa5a62092b7fb70eba72c1e1N.exe
Size

57KB
Sample

241218-g7gh7aylck
MD5

9033f32223a0b27c3bbd742d78e5e260
SHA1

43a5e9ccd4457ecf9432daa1437c0864633a5729
SHA256

644182d7f93dd2ecfd6f48e41c19d43868b8417aaa5a62092b7fb70eba72c1e1
SHA512

e07544cbc63f78349a27878aeedc189983f6e5ece4080fc79928a0acbb8dc314a382e49c514c1e81e966720a1b3ab350b7c8b4fd55109823a3d24e791d12281a
SSDEEP

1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl1Lg+:amZ+luXwy2f9LDhDLg+

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  644182d7f93dd2ecfd6f48e41c19d43868b8417aaa5a62092b7fb70eba72c1e1N.exe
- Size
  
  57KB
- MD5
  
  9033f32223a0b27c3bbd742d78e5e260
- SHA1
  
  43a5e9ccd4457ecf9432daa1437c0864633a5729
- SHA256
  
  644182d7f93dd2ecfd6f48e41c19d43868b8417aaa5a62092b7fb70eba72c1e1
- SHA512
  
  e07544cbc63f78349a27878aeedc189983f6e5ece4080fc79928a0acbb8dc314a382e49c514c1e81e966720a1b3ab350b7c8b4fd55109823a3d24e791d12281a
- SSDEEP
  
  1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl1Lg+:amZ+luXwy2f9LDhDLg+
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan