urelas | 3bd79093695ed9b423140464a9425194967adc2461ee9e7ae0d8e54eafbb36d5 | Triage

Sharing

General

Target

9ffab46b35109fa933a6cfa9bf29f2d0N.exe
Size

442KB
Sample

240902-gt352atelp
MD5

9ffab46b35109fa933a6cfa9bf29f2d0
SHA1

db0dff43c5a01aed1b41a52d0c4d120f95c2997a
SHA256

3bd79093695ed9b423140464a9425194967adc2461ee9e7ae0d8e54eafbb36d5
SHA512

293fa82c84a11cca4738e3460caf5576352ff4eef8595f129fc7b5120ac4b22a01d97f4c7aa8266a93318fcd1f2111ab202379279fab1e267c5621fa7b09db74
SSDEEP

6144:oo3wBi+1Py3V0a2WkRNgi3caOHO5NjEwwiYWB5mV4Pzw9ygibGGM1G:rKf1PyKa2H3hOHOHz9JQ6zByG

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  9ffab46b35109fa933a6cfa9bf29f2d0N.exe
- Size
  
  442KB
- MD5
  
  9ffab46b35109fa933a6cfa9bf29f2d0
- SHA1
  
  db0dff43c5a01aed1b41a52d0c4d120f95c2997a
- SHA256
  
  3bd79093695ed9b423140464a9425194967adc2461ee9e7ae0d8e54eafbb36d5
- SHA512
  
  293fa82c84a11cca4738e3460caf5576352ff4eef8595f129fc7b5120ac4b22a01d97f4c7aa8266a93318fcd1f2111ab202379279fab1e267c5621fa7b09db74
- SSDEEP
  
  6144:oo3wBi+1Py3V0a2WkRNgi3caOHO5NjEwwiYWB5mV4Pzw9ygibGGM1G:rKf1PyKa2H3hOHOHz9JQ6zByG
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan