urelas | 16261fb3a703ef33965fc35d7230b5f0ca970b9e02377f20faabf7be3f5f3662 | Triage

Sharing

General

Target

16261fb3a703ef33965fc35d7230b5f0ca970b9e02377f20faabf7be3f5f3662.exe
Size

332KB
Sample

241118-nkhajavpgz
MD5

c5105fd9f1ab2ad22f450fff55d33143
SHA1

e68a07e75bff28a4bf27567dfdef8bd519fb8a5a
SHA256

16261fb3a703ef33965fc35d7230b5f0ca970b9e02377f20faabf7be3f5f3662
SHA512

de98bee6a670b9b7e787e50786c75feecd647b3cde1dea6d01105f32b3271c61c4fbc881e7609f4ba33d0e36156117e430ab6f532e030c4550eb2147095f1670
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XY6:vHW138/iXWlK885rKlGSekcj66cib

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  16261fb3a703ef33965fc35d7230b5f0ca970b9e02377f20faabf7be3f5f3662.exe
- Size
  
  332KB
- MD5
  
  c5105fd9f1ab2ad22f450fff55d33143
- SHA1
  
  e68a07e75bff28a4bf27567dfdef8bd519fb8a5a
- SHA256
  
  16261fb3a703ef33965fc35d7230b5f0ca970b9e02377f20faabf7be3f5f3662
- SHA512
  
  de98bee6a670b9b7e787e50786c75feecd647b3cde1dea6d01105f32b3271c61c4fbc881e7609f4ba33d0e36156117e430ab6f532e030c4550eb2147095f1670
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XY6:vHW138/iXWlK885rKlGSekcj66cib
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan