urelas | 349551096df6d424a40ec764bdaab63800ca2f6053762106518105de8727d783 | Triage

Sharing

General

Target

349551096df6d424a40ec764bdaab63800ca2f6053762106518105de8727d783.exe
Size

331KB
Sample

241112-wfbwys1lbl
MD5

5c8f53a6cbf5f696d09431aa725ad33c
SHA1

c16759563ac9e025648653316ee2c356c1fd668d
SHA256

349551096df6d424a40ec764bdaab63800ca2f6053762106518105de8727d783
SHA512

38a6d55e5c8c5f1238e55b1e32d0280c8a736e785f42b10952e3549fe6888bc62b44b81d6d0436ba04be1af93ebade7aff499b7ef454e99637b62769071a9c99
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVb:vHW138/iXWlK885rKlGSekcj66ciEb

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  349551096df6d424a40ec764bdaab63800ca2f6053762106518105de8727d783.exe
- Size
  
  331KB
- MD5
  
  5c8f53a6cbf5f696d09431aa725ad33c
- SHA1
  
  c16759563ac9e025648653316ee2c356c1fd668d
- SHA256
  
  349551096df6d424a40ec764bdaab63800ca2f6053762106518105de8727d783
- SHA512
  
  38a6d55e5c8c5f1238e55b1e32d0280c8a736e785f42b10952e3549fe6888bc62b44b81d6d0436ba04be1af93ebade7aff499b7ef454e99637b62769071a9c99
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVb:vHW138/iXWlK885rKlGSekcj66ciEb
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan