urelas | 38cb48c9365cd9927d1f870c6b48a3d6b1b7ff5d7546fbda4b20a25190b0f6a5 | Triage

Sharing

General

Target

38cb48c9365cd9927d1f870c6b48a3d6b1b7ff5d7546fbda4b20a25190b0f6a5N.exe
Size

331KB
Sample

241113-b72w8sxpbk
MD5

30ea5e68559a497f7e2f766c971517c0
SHA1

74b2de3994c6bdd890440e115c5f66c81805eed2
SHA256

38cb48c9365cd9927d1f870c6b48a3d6b1b7ff5d7546fbda4b20a25190b0f6a5
SHA512

72f11c5cd6118b126cb7cd54e103b72a9502d945778014d88cd60d879261a7623784ffd8c79b742223d9a39bf78fc5771fc5e1082be24672a5fe3888f37ce3a0
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVT:vHW138/iXWlK885rKlGSekcj66ciET

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  38cb48c9365cd9927d1f870c6b48a3d6b1b7ff5d7546fbda4b20a25190b0f6a5N.exe
- Size
  
  331KB
- MD5
  
  30ea5e68559a497f7e2f766c971517c0
- SHA1
  
  74b2de3994c6bdd890440e115c5f66c81805eed2
- SHA256
  
  38cb48c9365cd9927d1f870c6b48a3d6b1b7ff5d7546fbda4b20a25190b0f6a5
- SHA512
  
  72f11c5cd6118b126cb7cd54e103b72a9502d945778014d88cd60d879261a7623784ffd8c79b742223d9a39bf78fc5771fc5e1082be24672a5fe3888f37ce3a0
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVT:vHW138/iXWlK885rKlGSekcj66ciET
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan