urelas | 894a879dab73c6ea73fe5060a2257e3f197eb0e1b48b3532832ebbc1be927dd5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-11-01_2e3927a9a35d24dbd091609163fc596b_magniber_qakbot
Size

4.7MB
Sample

241101-y5jn7stjby
MD5

2e3927a9a35d24dbd091609163fc596b
SHA1

2534a47fcb983e979969db6334b99c452fd72aff
SHA256

894a879dab73c6ea73fe5060a2257e3f197eb0e1b48b3532832ebbc1be927dd5
SHA512

1c31bc7d66e9d4114739e1682633ccc6d224de38a0405064e8e9878ee909be8ced71518a55836cfea4f97d99b010a22ca3609f860ff20b1c67b2743f7f510e6f
SSDEEP

49152:a2V7djp+oE2ZjHoZB6EZ88JUUXIEABMRviTURcN:a2V7NpW6Y6joUx

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

121.88.5.181

112.223.217.101

Targets

- Target
  
  2024-11-01_2e3927a9a35d24dbd091609163fc596b_magniber_qakbot
- Size
  
  4.7MB
- MD5
  
  2e3927a9a35d24dbd091609163fc596b
- SHA1
  
  2534a47fcb983e979969db6334b99c452fd72aff
- SHA256
  
  894a879dab73c6ea73fe5060a2257e3f197eb0e1b48b3532832ebbc1be927dd5
- SHA512
  
  1c31bc7d66e9d4114739e1682633ccc6d224de38a0405064e8e9878ee909be8ced71518a55836cfea4f97d99b010a22ca3609f860ff20b1c67b2743f7f510e6f
- SSDEEP
  
  49152:a2V7djp+oE2ZjHoZB6EZ88JUUXIEABMRviTURcN:a2V7NpW6Y6joUx
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan