urelas | d013d643c632acae42707dac647225d064bfa4036e908f4d01888ab91eae5b7a | Triage

Sharing

General

Target

d013d643c632acae42707dac647225d064bfa4036e908f4d01888ab91eae5b7a
Size

337KB
Sample

250124-km1cca1men
MD5

21fc82e8da85bd4559bf9463b21daa93
SHA1

8cccfd8370ab062a34ad417d7869bfaab1992104
SHA256

d013d643c632acae42707dac647225d064bfa4036e908f4d01888ab91eae5b7a
SHA512

cb908c8bd1bf7e40d23d704ad942f264f0ce10715cb90b57045b7ad4954373f93eeae4e33dc58312358ed5e5b3e26d1c1040e7e384f84adf2f3dd5e0c763c65f
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIcKog3:vHW138/iXWlK885rKlGSekcj66ciT

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  d013d643c632acae42707dac647225d064bfa4036e908f4d01888ab91eae5b7a
- Size
  
  337KB
- MD5
  
  21fc82e8da85bd4559bf9463b21daa93
- SHA1
  
  8cccfd8370ab062a34ad417d7869bfaab1992104
- SHA256
  
  d013d643c632acae42707dac647225d064bfa4036e908f4d01888ab91eae5b7a
- SHA512
  
  cb908c8bd1bf7e40d23d704ad942f264f0ce10715cb90b57045b7ad4954373f93eeae4e33dc58312358ed5e5b3e26d1c1040e7e384f84adf2f3dd5e0c763c65f
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIcKog3:vHW138/iXWlK885rKlGSekcj66ciT
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan