urelas | 92da0c4f704a1a4624ff6d9c7af5bedb57f6e456f66046855c265f0455b23f73 | Triage

Sharing

General

Target

92da0c4f704a1a4624ff6d9c7af5bedb57f6e456f66046855c265f0455b23f73
Size

69KB
Sample

250125-dx5aqatkbx
MD5

b7ee903b61c98d2e242da2622f1c707d
SHA1

800d5176e32f91b2bcf65ef68bd9052763a07de1
SHA256

92da0c4f704a1a4624ff6d9c7af5bedb57f6e456f66046855c265f0455b23f73
SHA512

bb6f7f949dd89cf15bea3c0a426fb049a57d2bdc673275207b00f7ed387214a00c5abb7ba0c43b0c6acedb5031b8878d6b03a24f45e613db7b6468260f9c48b8
SSDEEP

1536:04/WgLAjdZsp+uChoLnDeoqYAJjvLFymnHsPeOtVR:l//AjMp+u2onejH2PeGR

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  92da0c4f704a1a4624ff6d9c7af5bedb57f6e456f66046855c265f0455b23f73
- Size
  
  69KB
- MD5
  
  b7ee903b61c98d2e242da2622f1c707d
- SHA1
  
  800d5176e32f91b2bcf65ef68bd9052763a07de1
- SHA256
  
  92da0c4f704a1a4624ff6d9c7af5bedb57f6e456f66046855c265f0455b23f73
- SHA512
  
  bb6f7f949dd89cf15bea3c0a426fb049a57d2bdc673275207b00f7ed387214a00c5abb7ba0c43b0c6acedb5031b8878d6b03a24f45e613db7b6468260f9c48b8
- SSDEEP
  
  1536:04/WgLAjdZsp+uChoLnDeoqYAJjvLFymnHsPeOtVR:l//AjMp+u2onejH2PeGR
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan