urelas | 3fbb4d3a1baf840f850de1ac1cd1df091f4d0aa90e5dadb76c5fd8a53c401731 | Triage

Sharing

General

Target

3fbb4d3a1baf840f850de1ac1cd1df091f4d0aa90e5dadb76c5fd8a53c401731.exe
Size

537KB
Sample

241123-1psy2syjhy
MD5

d8d3f06c0e9aea69858a74a5fec62a7a
SHA1

7a041b1f9fcd3d3fdd32b16c13d3780022c76be6
SHA256

3fbb4d3a1baf840f850de1ac1cd1df091f4d0aa90e5dadb76c5fd8a53c401731
SHA512

58a0794cb708db9dcd08326efdbf09175f906b03229f0bdd3411059d0d0fd057a2a2a0a4e500375fa0a8d21302fcf96726be4565b92af9e5d240a64f6d1ec3e7
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NP8:q0P/k4lb2wKat8

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  3fbb4d3a1baf840f850de1ac1cd1df091f4d0aa90e5dadb76c5fd8a53c401731.exe
- Size
  
  537KB
- MD5
  
  d8d3f06c0e9aea69858a74a5fec62a7a
- SHA1
  
  7a041b1f9fcd3d3fdd32b16c13d3780022c76be6
- SHA256
  
  3fbb4d3a1baf840f850de1ac1cd1df091f4d0aa90e5dadb76c5fd8a53c401731
- SHA512
  
  58a0794cb708db9dcd08326efdbf09175f906b03229f0bdd3411059d0d0fd057a2a2a0a4e500375fa0a8d21302fcf96726be4565b92af9e5d240a64f6d1ec3e7
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NP8:q0P/k4lb2wKat8
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan