urelas | 16389a346faf235c2a0be839ddec4d8f359ae1664b1e2da1ad5373a7c3c696c8 | Triage

Sharing

General

Target

16389a346faf235c2a0be839ddec4d8f359ae1664b1e2da1ad5373a7c3c696c8
Size

92KB
Sample

240808-xknlzsxfkl
MD5

30160a086e2b0d41c569c13822f9cdad
SHA1

16be95ae00af1c997ddf953e208f33834ba82938
SHA256

16389a346faf235c2a0be839ddec4d8f359ae1664b1e2da1ad5373a7c3c696c8
SHA512

0704df61cc21edb6d429dfef1ba8bda265af00293831a7032ed14f0c6607ba64e3dcecc98eb3bf165ae70edf6e986412aeeeda89eef94f71f4231f0f112c8913
SSDEEP

768:2geZ5QeklJQ35pPRuIkUD1sYAQ/TN71N1adOZSHj9jaSCpOzIi7D8kUUUNUEd:heZqP25TuIfmS7Fv1aUZSD9yiIH7

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.28.139

121.88.5.183

Targets

- Target
  
  16389a346faf235c2a0be839ddec4d8f359ae1664b1e2da1ad5373a7c3c696c8
- Size
  
  92KB
- MD5
  
  30160a086e2b0d41c569c13822f9cdad
- SHA1
  
  16be95ae00af1c997ddf953e208f33834ba82938
- SHA256
  
  16389a346faf235c2a0be839ddec4d8f359ae1664b1e2da1ad5373a7c3c696c8
- SHA512
  
  0704df61cc21edb6d429dfef1ba8bda265af00293831a7032ed14f0c6607ba64e3dcecc98eb3bf165ae70edf6e986412aeeeda89eef94f71f4231f0f112c8913
- SSDEEP
  
  768:2geZ5QeklJQ35pPRuIkUD1sYAQ/TN71N1adOZSHj9jaSCpOzIi7D8kUUUNUEd:heZqP25TuIfmS7Fv1aUZSD9yiIH7
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan