urelas | ff6a40f79bfc33aa80104f1fb3e1cd7b4008cb2eca0a160d7a7f737ad1b15bc0 | Triage

Sharing

General

Target

ff6a40f79bfc33aa80104f1fb3e1cd7b4008cb2eca0a160d7a7f737ad1b15bc0
Size

51KB
Sample

241116-xehhsa1hlp
MD5

21301ab6a0336f6a17eb12762538cb4c
SHA1

41c8a1d774c3530883cd8acb2881fc86a4aa6bae
SHA256

ff6a40f79bfc33aa80104f1fb3e1cd7b4008cb2eca0a160d7a7f737ad1b15bc0
SHA512

234889892eb2f33ec1d504afab11f80819f6eb34a271a82ef9a7862d699a11c021fbd14d87eaacc3f8aa16ebffb2155149e57c4bede241301806f121d5d3e609
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPo:KsdXfBo/DBJBGzkP5Po

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  ff6a40f79bfc33aa80104f1fb3e1cd7b4008cb2eca0a160d7a7f737ad1b15bc0
- Size
  
  51KB
- MD5
  
  21301ab6a0336f6a17eb12762538cb4c
- SHA1
  
  41c8a1d774c3530883cd8acb2881fc86a4aa6bae
- SHA256
  
  ff6a40f79bfc33aa80104f1fb3e1cd7b4008cb2eca0a160d7a7f737ad1b15bc0
- SHA512
  
  234889892eb2f33ec1d504afab11f80819f6eb34a271a82ef9a7862d699a11c021fbd14d87eaacc3f8aa16ebffb2155149e57c4bede241301806f121d5d3e609
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPo:KsdXfBo/DBJBGzkP5Po
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan