urelas | fe92121f12f123053156d935af03d7334ecef6587cfe4fa709e5dd99d7b52f40 | Triage

Sharing

General

Target

fe92121f12f123053156d935af03d7334ecef6587cfe4fa709e5dd99d7b52f40N
Size

330KB
Sample

241030-lam2xsypgs
MD5

43e55807dae4d469554634d521bb51f0
SHA1

cd78a7587dc2931f3ad025fd5e369bfbf6c54878
SHA256

fe92121f12f123053156d935af03d7334ecef6587cfe4fa709e5dd99d7b52f40
SHA512

81230acc56d16dc626b4847ee168f5cadd701793be92f275cb4b6a8acb4f10470e1c927ee790fb02f403ee9428b7ab5c56383c093108086f327d5c86b6009f87
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVt:vHW138/iXWlK885rKlGSekcj66ciEt

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  fe92121f12f123053156d935af03d7334ecef6587cfe4fa709e5dd99d7b52f40N
- Size
  
  330KB
- MD5
  
  43e55807dae4d469554634d521bb51f0
- SHA1
  
  cd78a7587dc2931f3ad025fd5e369bfbf6c54878
- SHA256
  
  fe92121f12f123053156d935af03d7334ecef6587cfe4fa709e5dd99d7b52f40
- SHA512
  
  81230acc56d16dc626b4847ee168f5cadd701793be92f275cb4b6a8acb4f10470e1c927ee790fb02f403ee9428b7ab5c56383c093108086f327d5c86b6009f87
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVt:vHW138/iXWlK885rKlGSekcj66ciEt
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan