urelas | 04a8932d14724e5e206899bdd6871ed3efb1b7d200ff74d544f4e0773611f1cb | Triage

Sharing

General

Target

04a8932d14724e5e206899bdd6871ed3efb1b7d200ff74d544f4e0773611f1cb.exe
Size

448KB
Sample

241123-ezf7cayjbz
MD5

1ed68cb1d469c04c1d1c48e84dffd855
SHA1

4f9c195a777ab598b131b45f60b401ff3f5f72aa
SHA256

04a8932d14724e5e206899bdd6871ed3efb1b7d200ff74d544f4e0773611f1cb
SHA512

292b13bf860c98f5ca1ceb2cbaad63680142f5436ed532fd6d5692289678d53fd2766fca3e17a9a236f90a1face2e1b5f646d62ffa166dd59afdd95cc1b744cf
SSDEEP

6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpomr:PMpASIcWYx2U6hAJQny

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  04a8932d14724e5e206899bdd6871ed3efb1b7d200ff74d544f4e0773611f1cb.exe
- Size
  
  448KB
- MD5
  
  1ed68cb1d469c04c1d1c48e84dffd855
- SHA1
  
  4f9c195a777ab598b131b45f60b401ff3f5f72aa
- SHA256
  
  04a8932d14724e5e206899bdd6871ed3efb1b7d200ff74d544f4e0773611f1cb
- SHA512
  
  292b13bf860c98f5ca1ceb2cbaad63680142f5436ed532fd6d5692289678d53fd2766fca3e17a9a236f90a1face2e1b5f646d62ffa166dd59afdd95cc1b744cf
- SSDEEP
  
  6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpomr:PMpASIcWYx2U6hAJQny
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan