urelas | a60d0151db3fdf2298f6403dd7c1dcdb8ff98f58a6cf0b5d1964d872c5a5aed5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-11-23_b35688f4cb99ac6061ed9355032c2596_magniber_qakbot
Size

4.7MB
Sample

241123-ynt4lszmaq
MD5

b35688f4cb99ac6061ed9355032c2596
SHA1

f421cb20a25e9b741eb52af3ffb4fe05de7f3ee8
SHA256

a60d0151db3fdf2298f6403dd7c1dcdb8ff98f58a6cf0b5d1964d872c5a5aed5
SHA512

b1843fe20550ee0c404482a24dde93b1c12bf528b943d8a24505d1ebb6f2036bb662de9a15776eb706eb2e895d22ab6744bfe3da2881784c3c9e7948fea13cbd
SSDEEP

49152:a2V7djp+oE2ZjHoZB6EZ88JUUXIEABMRviTURcY:a2V7NpW6Y6joUM

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

121.88.5.181

112.223.217.101

Targets

- Target
  
  2024-11-23_b35688f4cb99ac6061ed9355032c2596_magniber_qakbot
- Size
  
  4.7MB
- MD5
  
  b35688f4cb99ac6061ed9355032c2596
- SHA1
  
  f421cb20a25e9b741eb52af3ffb4fe05de7f3ee8
- SHA256
  
  a60d0151db3fdf2298f6403dd7c1dcdb8ff98f58a6cf0b5d1964d872c5a5aed5
- SHA512
  
  b1843fe20550ee0c404482a24dde93b1c12bf528b943d8a24505d1ebb6f2036bb662de9a15776eb706eb2e895d22ab6744bfe3da2881784c3c9e7948fea13cbd
- SSDEEP
  
  49152:a2V7djp+oE2ZjHoZB6EZ88JUUXIEABMRviTURcY:a2V7NpW6Y6joUM
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan