urelas | 03963180889c76134a4eaa597f97dc888d24bb77edf90f23f6d27eee58946865 | Triage

Sharing

General

Target

03963180889c76134a4eaa597f97dc888d24bb77edf90f23f6d27eee58946865.exe
Size

537KB
Sample

241123-jjgv6axndr
MD5

cd8f8d72550c4fc793b2da453251ae5a
SHA1

7856e981408deea7ff865db131f03b7417175c38
SHA256

03963180889c76134a4eaa597f97dc888d24bb77edf90f23f6d27eee58946865
SHA512

815d0a545504969a977aea9c6c976532275344a5f556cabe57f4a5f683fd02054f54fe01cd1d77412f25edd254363fdb3f24d47282529a1d80cf7de438e4e8fb
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NP3:q0P/k4lb2wKat3

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  03963180889c76134a4eaa597f97dc888d24bb77edf90f23f6d27eee58946865.exe
- Size
  
  537KB
- MD5
  
  cd8f8d72550c4fc793b2da453251ae5a
- SHA1
  
  7856e981408deea7ff865db131f03b7417175c38
- SHA256
  
  03963180889c76134a4eaa597f97dc888d24bb77edf90f23f6d27eee58946865
- SHA512
  
  815d0a545504969a977aea9c6c976532275344a5f556cabe57f4a5f683fd02054f54fe01cd1d77412f25edd254363fdb3f24d47282529a1d80cf7de438e4e8fb
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NP3:q0P/k4lb2wKat3
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan