urelas | b3b641b81125521ba0a1ac4581e950a7a4abe6ed4be07d79ffa1715043eb85c1 | Triage

Sharing

General

Target

b3b641b81125521ba0a1ac4581e950a7a4abe6ed4be07d79ffa1715043eb85c1
Size

592KB
Sample

241117-ke4d2aznaq
MD5

e0f1f0356574f89c4f18cb6e0bc85d47
SHA1

23fbdb249badb0c65cbec60a6e776d19d332d2fb
SHA256

b3b641b81125521ba0a1ac4581e950a7a4abe6ed4be07d79ffa1715043eb85c1
SHA512

085d2cfbc2791bc97ac701e915f1d42b7bc7ceba58723b74a67825a426a05e718fbecc0ac8861c7f155d0377d02aa7a5bf2489ce4303ade0980d30e3772b9559
SSDEEP

6144:CZKHKSIl0SatLPTUrjBpAs/mpYIqaaUN44Iq766ztAkOHn0LHZRo:C4jm0Sat7Az/gZvTIq2WKkw0F6

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  b3b641b81125521ba0a1ac4581e950a7a4abe6ed4be07d79ffa1715043eb85c1
- Size
  
  592KB
- MD5
  
  e0f1f0356574f89c4f18cb6e0bc85d47
- SHA1
  
  23fbdb249badb0c65cbec60a6e776d19d332d2fb
- SHA256
  
  b3b641b81125521ba0a1ac4581e950a7a4abe6ed4be07d79ffa1715043eb85c1
- SHA512
  
  085d2cfbc2791bc97ac701e915f1d42b7bc7ceba58723b74a67825a426a05e718fbecc0ac8861c7f155d0377d02aa7a5bf2489ce4303ade0980d30e3772b9559
- SSDEEP
  
  6144:CZKHKSIl0SatLPTUrjBpAs/mpYIqaaUN44Iq766ztAkOHn0LHZRo:C4jm0Sat7Az/gZvTIq2WKkw0F6
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan