urelas | d79915deced0476afb5a0fa8e0feaee8df50d0b5725d20a0d0adcff5c3eacb8e | Triage

Sharing

General

Target

d79915deced0476afb5a0fa8e0feaee8df50d0b5725d20a0d0adcff5c3eacb8e
Size

59KB
Sample

250119-ltws6stndm
MD5

599002927a47b9e0d1628b50721e3bb9
SHA1

2f9df5461df4d3d4de8c9312b3aa5c36e91882ca
SHA256

d79915deced0476afb5a0fa8e0feaee8df50d0b5725d20a0d0adcff5c3eacb8e
SHA512

5f929d15b11c06e42d09b6b3edc2480f3d2679b58dc06d760ada098db414a7579339e2b6ac2f510bf048988fe62396b6705f5d6cfd1e1225c948ba06774e8bf7
SSDEEP

768:jb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5uDUR:jbQx5oPsr2vFxDPhAvzgdWLIZ7yUR

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  d79915deced0476afb5a0fa8e0feaee8df50d0b5725d20a0d0adcff5c3eacb8e
- Size
  
  59KB
- MD5
  
  599002927a47b9e0d1628b50721e3bb9
- SHA1
  
  2f9df5461df4d3d4de8c9312b3aa5c36e91882ca
- SHA256
  
  d79915deced0476afb5a0fa8e0feaee8df50d0b5725d20a0d0adcff5c3eacb8e
- SHA512
  
  5f929d15b11c06e42d09b6b3edc2480f3d2679b58dc06d760ada098db414a7579339e2b6ac2f510bf048988fe62396b6705f5d6cfd1e1225c948ba06774e8bf7
- SSDEEP
  
  768:jb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5uDUR:jbQx5oPsr2vFxDPhAvzgdWLIZ7yUR
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan