urelas | 6fe7084a408f6e386566cb448c72cb028fbfc520bf6a4559a7e8628881bdd917 | Triage

Sharing

General

Target

6fe7084a408f6e386566cb448c72cb028fbfc520bf6a4559a7e8628881bdd917.exe
Size

537KB
Sample

241122-y55lnsyjdv
MD5

19da4be68c766a22e7e2a3bbbd408176
SHA1

f7c6da09241d7b456a90a605e992d2b9ee8ce809
SHA256

6fe7084a408f6e386566cb448c72cb028fbfc520bf6a4559a7e8628881bdd917
SHA512

0191cc54def6eab7f2d0afd80cf4706bde7e3c28ead0e5c4ad764e27b44954565e8809419f02d6b6c65e1d29afbbd2c832269801f57faefcbd79db5f1206ae8b
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPt:q0P/k4lb2wKatt

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  6fe7084a408f6e386566cb448c72cb028fbfc520bf6a4559a7e8628881bdd917.exe
- Size
  
  537KB
- MD5
  
  19da4be68c766a22e7e2a3bbbd408176
- SHA1
  
  f7c6da09241d7b456a90a605e992d2b9ee8ce809
- SHA256
  
  6fe7084a408f6e386566cb448c72cb028fbfc520bf6a4559a7e8628881bdd917
- SHA512
  
  0191cc54def6eab7f2d0afd80cf4706bde7e3c28ead0e5c4ad764e27b44954565e8809419f02d6b6c65e1d29afbbd2c832269801f57faefcbd79db5f1206ae8b
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPt:q0P/k4lb2wKatt
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan