urelas | fe664118685632ec48e1bc3fbc30a7ba8972e04f77df8f22621345ac005ad52b | Triage

Sharing

General

Target

fe664118685632ec48e1bc3fbc30a7ba8972e04f77df8f22621345ac005ad52bN
Size

333KB
Sample

241028-nz1qeswne1
MD5

80c2e464d0e65c20fa068a3bfa7470b0
SHA1

51cdb889c9708a161fdb3c5fda6a4e38bebfbf23
SHA256

fe664118685632ec48e1bc3fbc30a7ba8972e04f77df8f22621345ac005ad52b
SHA512

abccd3d3d12848d114b0b7aa060b3c94b07175ccf965413944a884b933afbb71eb15dca3f06269d2fc421bbec59b831132d6fa759127065c495298bbadb3a6dd
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XY9+3:vHW138/iXWlK885rKlGSekcj66ciWQ

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  fe664118685632ec48e1bc3fbc30a7ba8972e04f77df8f22621345ac005ad52bN
- Size
  
  333KB
- MD5
  
  80c2e464d0e65c20fa068a3bfa7470b0
- SHA1
  
  51cdb889c9708a161fdb3c5fda6a4e38bebfbf23
- SHA256
  
  fe664118685632ec48e1bc3fbc30a7ba8972e04f77df8f22621345ac005ad52b
- SHA512
  
  abccd3d3d12848d114b0b7aa060b3c94b07175ccf965413944a884b933afbb71eb15dca3f06269d2fc421bbec59b831132d6fa759127065c495298bbadb3a6dd
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XY9+3:vHW138/iXWlK885rKlGSekcj66ciWQ
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan