urelas | 3f1b8766aa4d7bda028f42484807f996e2069d359ecb6280dfdca2c38b8cafe2 | Triage

Sharing

General

Target

3f1b8766aa4d7bda028f42484807f996e2069d359ecb6280dfdca2c38b8cafe2.exe
Size

58KB
Sample

241118-dhaskawgke
MD5

e30124f3022f583eaca0792b61d19ea4
SHA1

f3b2d070018ca69fe6d985bc13fe4aa329d3d43d
SHA256

3f1b8766aa4d7bda028f42484807f996e2069d359ecb6280dfdca2c38b8cafe2
SHA512

21c334b42a47faabb905f386339311e935935b988ab94a5c4c40a0e13659364b128c7afd9e1a0c5f372ed36d88ddb3f118537b64cabb68e58728db3d16e28af5
SSDEEP

1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl1lw:amZ+luXwy2f9LDhDlw

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  3f1b8766aa4d7bda028f42484807f996e2069d359ecb6280dfdca2c38b8cafe2.exe
- Size
  
  58KB
- MD5
  
  e30124f3022f583eaca0792b61d19ea4
- SHA1
  
  f3b2d070018ca69fe6d985bc13fe4aa329d3d43d
- SHA256
  
  3f1b8766aa4d7bda028f42484807f996e2069d359ecb6280dfdca2c38b8cafe2
- SHA512
  
  21c334b42a47faabb905f386339311e935935b988ab94a5c4c40a0e13659364b128c7afd9e1a0c5f372ed36d88ddb3f118537b64cabb68e58728db3d16e28af5
- SSDEEP
  
  1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl1lw:amZ+luXwy2f9LDhDlw
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan