urelas | f2b8bc38e00041653286540956d5ca8d8532fbc1617ef38d7fe6bed514d054ec | Triage

Sharing

General

Target

f2b8bc38e00041653286540956d5ca8d8532fbc1617ef38d7fe6bed514d054ec.exe
Size

441KB
Sample

241123-n3nj9s1jcn
MD5

9e0b301908800e45d47a15d9eebb6fad
SHA1

7b8785b18bd3f5a04488b1c5c4b4a9f7b9593152
SHA256

f2b8bc38e00041653286540956d5ca8d8532fbc1617ef38d7fe6bed514d054ec
SHA512

df5fda3ef654d1587f76d008390cdc0b579bedb61738a8d48c8fee801efab6a8c8d32dc66298a29d1dfcc9b737ae5cb96030a6677c1656f80e55304f2a52fd2d
SSDEEP

6144:oEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpjH:oMpASIcWYx2U6hAJQnQ

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  f2b8bc38e00041653286540956d5ca8d8532fbc1617ef38d7fe6bed514d054ec.exe
- Size
  
  441KB
- MD5
  
  9e0b301908800e45d47a15d9eebb6fad
- SHA1
  
  7b8785b18bd3f5a04488b1c5c4b4a9f7b9593152
- SHA256
  
  f2b8bc38e00041653286540956d5ca8d8532fbc1617ef38d7fe6bed514d054ec
- SHA512
  
  df5fda3ef654d1587f76d008390cdc0b579bedb61738a8d48c8fee801efab6a8c8d32dc66298a29d1dfcc9b737ae5cb96030a6677c1656f80e55304f2a52fd2d
- SSDEEP
  
  6144:oEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpjH:oMpASIcWYx2U6hAJQnQ
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan