urelas | 2f6da5dba9eb5bf6eaade283ff9cb3d52b637cfe30596c75f56dfb99374eb804 | Triage

Sharing

General

Target

2f6da5dba9eb5bf6eaade283ff9cb3d52b637cfe30596c75f56dfb99374eb804N
Size

331KB
Sample

241030-mb94hs1fnq
MD5

84affb81f44aa2c83eb85713533b18c0
SHA1

e1127087f960860fc7343bf44e3af267ae2bfaaa
SHA256

2f6da5dba9eb5bf6eaade283ff9cb3d52b637cfe30596c75f56dfb99374eb804
SHA512

053984cda524ed05bea35de15e362deab1f26875768c33e7cf9ce8b863318f01113e87354b597ab2848db93583e5b7a813c6dd86487c550a73930463aabd449c
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYB:vHW138/iXWlK885rKlGSekcj66cic

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  2f6da5dba9eb5bf6eaade283ff9cb3d52b637cfe30596c75f56dfb99374eb804N
- Size
  
  331KB
- MD5
  
  84affb81f44aa2c83eb85713533b18c0
- SHA1
  
  e1127087f960860fc7343bf44e3af267ae2bfaaa
- SHA256
  
  2f6da5dba9eb5bf6eaade283ff9cb3d52b637cfe30596c75f56dfb99374eb804
- SHA512
  
  053984cda524ed05bea35de15e362deab1f26875768c33e7cf9ce8b863318f01113e87354b597ab2848db93583e5b7a813c6dd86487c550a73930463aabd449c
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYB:vHW138/iXWlK885rKlGSekcj66cic
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan