urelas | c8b303a8dabb47fd309852f61c4420885d8026ad14961be4c55e87648359f575 | Triage

Sharing

General

Target

c8b303a8dabb47fd309852f61c4420885d8026ad14961be4c55e87648359f575.exe
Size

404KB
Sample

241123-p8hfwa1qal
MD5

23d53c8936d16e416de883e300620714
SHA1

816dab331e13bc7e762fe53ac1b849022cddfd7c
SHA256

c8b303a8dabb47fd309852f61c4420885d8026ad14961be4c55e87648359f575
SHA512

3c85397e03a11f94fc7f1e895d8c2d4748f8f6fac7ab4ef391ea77d13b4772ba685d97db461684a9e8be59c24d974ef94f3dd95ff390c080b6798fd19447cfb6
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohi:8IfBoDWoyFblU6hAJQnOc

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  c8b303a8dabb47fd309852f61c4420885d8026ad14961be4c55e87648359f575.exe
- Size
  
  404KB
- MD5
  
  23d53c8936d16e416de883e300620714
- SHA1
  
  816dab331e13bc7e762fe53ac1b849022cddfd7c
- SHA256
  
  c8b303a8dabb47fd309852f61c4420885d8026ad14961be4c55e87648359f575
- SHA512
  
  3c85397e03a11f94fc7f1e895d8c2d4748f8f6fac7ab4ef391ea77d13b4772ba685d97db461684a9e8be59c24d974ef94f3dd95ff390c080b6798fd19447cfb6
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohi:8IfBoDWoyFblU6hAJQnOc
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan