urelas | 133edd12d821bd362f2ad0693982abc59fba04af35ba0eec538d6cd798a6f691 | Triage

Sharing

General

Target

133edd12d821bd362f2ad0693982abc59fba04af35ba0eec538d6cd798a6f691
Size

337KB
Sample

241122-ylt1tsxnbw
MD5

39d8703f1b708b28f39401d39084363c
SHA1

d3ff0688c161c0829a07d65f17e618b805bc1cc0
SHA256

133edd12d821bd362f2ad0693982abc59fba04af35ba0eec538d6cd798a6f691
SHA512

45871b125f10e63a6f38c3612e757ae3a2fa0648bf1d0f49ef663882fbcbbf68aeb3805570a1fd834e805e681b6eea9611fa05574b9ce201946d77fbf06cfcd2
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYpI:vHW138/iXWlK885rKlGSekcj66ciEI

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  133edd12d821bd362f2ad0693982abc59fba04af35ba0eec538d6cd798a6f691
- Size
  
  337KB
- MD5
  
  39d8703f1b708b28f39401d39084363c
- SHA1
  
  d3ff0688c161c0829a07d65f17e618b805bc1cc0
- SHA256
  
  133edd12d821bd362f2ad0693982abc59fba04af35ba0eec538d6cd798a6f691
- SHA512
  
  45871b125f10e63a6f38c3612e757ae3a2fa0648bf1d0f49ef663882fbcbbf68aeb3805570a1fd834e805e681b6eea9611fa05574b9ce201946d77fbf06cfcd2
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYpI:vHW138/iXWlK885rKlGSekcj66ciEI
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan