urelas | fe429f034117f7eb6f612b146e9a228898e7decf7f0c3eb76a17048783fbeff3 | Triage

Sharing

General

Target

fe429f034117f7eb6f612b146e9a228898e7decf7f0c3eb76a17048783fbeff3
Size

535KB
Sample

241026-gbw9rsykgt
MD5

a5b91953125348dfde9ae88ba17e4eb8
SHA1

dd12d5e3566947bd80fe593f4b751ab41673caf6
SHA256

fe429f034117f7eb6f612b146e9a228898e7decf7f0c3eb76a17048783fbeff3
SHA512

25b33a545ad092d986591c65141c84671620d01230ad0fd925a001e60ea7bad2a2d58af3c852ba3f2e41871336def3b61e8dd4b6262ce50bf4920e4bd50b5b69
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPz:q0P/k4lb2wKatz

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  fe429f034117f7eb6f612b146e9a228898e7decf7f0c3eb76a17048783fbeff3
- Size
  
  535KB
- MD5
  
  a5b91953125348dfde9ae88ba17e4eb8
- SHA1
  
  dd12d5e3566947bd80fe593f4b751ab41673caf6
- SHA256
  
  fe429f034117f7eb6f612b146e9a228898e7decf7f0c3eb76a17048783fbeff3
- SHA512
  
  25b33a545ad092d986591c65141c84671620d01230ad0fd925a001e60ea7bad2a2d58af3c852ba3f2e41871336def3b61e8dd4b6262ce50bf4920e4bd50b5b69
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPz:q0P/k4lb2wKatz
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan