urelas | 63e0e7df039a1ffd7dba4a85c79c4b3c9ec0b80abe02f35f3eb0ce75d6fc0ba4 | Triage

Sharing

General

Target

63e0e7df039a1ffd7dba4a85c79c4b3c9ec0b80abe02f35f3eb0ce75d6fc0ba4N.exe
Size

273KB
Sample

250117-fclzratkan
MD5

344326795dd73f0f995dd321b9ab2d20
SHA1

bfb74c315b6d44aab02dd48aa77915c19ab72c2d
SHA256

63e0e7df039a1ffd7dba4a85c79c4b3c9ec0b80abe02f35f3eb0ce75d6fc0ba4
SHA512

e835c19f3e78eff13ef71b40a7946e3116eca73f3396d5fd286930e25afe4deccc2553098a21c724c5fe12ccf0edb47cc0ee03845829a5a383b39908bf9bacfa
SSDEEP

3072:pp56zRJ83+OJ7NoGvdwWy6k04yW/KME0jj0Q:pOzRWu27dlOd5W0b

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  63e0e7df039a1ffd7dba4a85c79c4b3c9ec0b80abe02f35f3eb0ce75d6fc0ba4N.exe
- Size
  
  273KB
- MD5
  
  344326795dd73f0f995dd321b9ab2d20
- SHA1
  
  bfb74c315b6d44aab02dd48aa77915c19ab72c2d
- SHA256
  
  63e0e7df039a1ffd7dba4a85c79c4b3c9ec0b80abe02f35f3eb0ce75d6fc0ba4
- SHA512
  
  e835c19f3e78eff13ef71b40a7946e3116eca73f3396d5fd286930e25afe4deccc2553098a21c724c5fe12ccf0edb47cc0ee03845829a5a383b39908bf9bacfa
- SSDEEP
  
  3072:pp56zRJ83+OJ7NoGvdwWy6k04yW/KME0jj0Q:pOzRWu27dlOd5W0b
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan