urelas | b585a1e9b91e9a98e5f8a65a4b9ec8990a132db39d062c32bbee7d4ba619c947 | Triage

Sharing

General

Target

b585a1e9b91e9a98e5f8a65a4b9ec8990a132db39d062c32bbee7d4ba619c947.exe
Size

546KB
Sample

241123-3h3k1symdm
MD5

b3b4c5ef066d864835569193e4962ae0
SHA1

195006e7f4633c904ae7a39b4ac04416ff20ea34
SHA256

b585a1e9b91e9a98e5f8a65a4b9ec8990a132db39d062c32bbee7d4ba619c947
SHA512

7ebd44fd19ba04d7ff935e2e5a37800cdc3126d87d0e32240ed9e04220ec87f00b7cbb6bfe590d4475f3c5d8b17f9475955362b2aba82b0fcefc529860da6f69
SSDEEP

6144:u2Kw7lwFXUEeJi2xVCVxfwY+0QSyvmZ3INALzT1uj65CT1i6iSyYQM0JiS83G48q:u+GtVfjTQSaoINAHT1VQ1i3SyQEW85gT

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  b585a1e9b91e9a98e5f8a65a4b9ec8990a132db39d062c32bbee7d4ba619c947.exe
- Size
  
  546KB
- MD5
  
  b3b4c5ef066d864835569193e4962ae0
- SHA1
  
  195006e7f4633c904ae7a39b4ac04416ff20ea34
- SHA256
  
  b585a1e9b91e9a98e5f8a65a4b9ec8990a132db39d062c32bbee7d4ba619c947
- SHA512
  
  7ebd44fd19ba04d7ff935e2e5a37800cdc3126d87d0e32240ed9e04220ec87f00b7cbb6bfe590d4475f3c5d8b17f9475955362b2aba82b0fcefc529860da6f69
- SSDEEP
  
  6144:u2Kw7lwFXUEeJi2xVCVxfwY+0QSyvmZ3INALzT1uj65CT1i6iSyYQM0JiS83G48q:u+GtVfjTQSaoINAHT1VQ1i3SyQEW85gT
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan