urelas | 056ec6c36e4b84f2d84f25b41d71efaeac35417379b9bd3b770e80df6104af87 | Triage

Sharing

General

Target

056ec6c36e4b84f2d84f25b41d71efaeac35417379b9bd3b770e80df6104af87N.exe
Size

184KB
Sample

241220-bbd6aswjaq
MD5

63d0fe83297b1d6d095e994c5e0b6720
SHA1

52cde58323b4845e13209dfea102cc35a5f62973
SHA256

056ec6c36e4b84f2d84f25b41d71efaeac35417379b9bd3b770e80df6104af87
SHA512

353e63dae62dba39df8ddcda3deef2f3487b70c4881a626e9120aee7501cb614a78cfa35c06ff800018f2c3c102f5e5a19b80bdebcb0fde90db0293d9350f141
SSDEEP

3072:u3mvqCDm+W03RB5eUp6UlD/mUKissApfA6y4YHFB:2mvqeP33AYFIN9treHP

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  056ec6c36e4b84f2d84f25b41d71efaeac35417379b9bd3b770e80df6104af87N.exe
- Size
  
  184KB
- MD5
  
  63d0fe83297b1d6d095e994c5e0b6720
- SHA1
  
  52cde58323b4845e13209dfea102cc35a5f62973
- SHA256
  
  056ec6c36e4b84f2d84f25b41d71efaeac35417379b9bd3b770e80df6104af87
- SHA512
  
  353e63dae62dba39df8ddcda3deef2f3487b70c4881a626e9120aee7501cb614a78cfa35c06ff800018f2c3c102f5e5a19b80bdebcb0fde90db0293d9350f141
- SSDEEP
  
  3072:u3mvqCDm+W03RB5eUp6UlD/mUKissApfA6y4YHFB:2mvqeP33AYFIN9treHP
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan