urelas | a1ebe971e27beb336552eaa75f6d8a89d311a13efecc9d0d63e5299941054456 | Triage

Sharing

General

Target

a1ebe971e27beb336552eaa75f6d8a89d311a13efecc9d0d63e5299941054456.exe
Size

305KB
Sample

241122-h822yswpaz
MD5

e5e61363612d412f21409f38dc16f265
SHA1

c92a039870d46e84f1c14073d2ed7ea166e057e5
SHA256

a1ebe971e27beb336552eaa75f6d8a89d311a13efecc9d0d63e5299941054456
SHA512

6f74987f022bcb22e88dedf58ad84548c02b801f140854d9a4c8b6ac9047519124c0c8bace2580789ef37913bfa9607c240d2e5cbb6a620a1e67ce6238c27d98
SSDEEP

6144:yty5fbpxDuMcHYwt1gxloqtaE5iWbUMqfn8EijRUNafrHBw:ytCLD7+51gxeq3gOU9EEQrhw

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  a1ebe971e27beb336552eaa75f6d8a89d311a13efecc9d0d63e5299941054456.exe
- Size
  
  305KB
- MD5
  
  e5e61363612d412f21409f38dc16f265
- SHA1
  
  c92a039870d46e84f1c14073d2ed7ea166e057e5
- SHA256
  
  a1ebe971e27beb336552eaa75f6d8a89d311a13efecc9d0d63e5299941054456
- SHA512
  
  6f74987f022bcb22e88dedf58ad84548c02b801f140854d9a4c8b6ac9047519124c0c8bace2580789ef37913bfa9607c240d2e5cbb6a620a1e67ce6238c27d98
- SSDEEP
  
  6144:yty5fbpxDuMcHYwt1gxloqtaE5iWbUMqfn8EijRUNafrHBw:ytCLD7+51gxeq3gOU9EEQrhw
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan