urelas | 2d33010e37e78fbb3ec9f8c89a73207f2e3ff0ab69e1d40261006c6c414c5397 | Triage

Sharing

General

Target

2024-11-23_eead9a03b396523c7f6ab6a44d711617_magniber_qakbot
Size

4.7MB
Sample

241123-yw17wstngt
MD5

eead9a03b396523c7f6ab6a44d711617
SHA1

1491e5d862a98174441b532b77d9c0c97f1259c2
SHA256

2d33010e37e78fbb3ec9f8c89a73207f2e3ff0ab69e1d40261006c6c414c5397
SHA512

b5ec90d6c11b64fd4ba80151f8c9206b0b450109dec05c939f4dfd584b26e717c997a7c30996f5e08fed9f140935446a902d6ac74ddf4997237f9b347d80d724
SSDEEP

49152:a2V7djp+oE2ZjHoZB6EZ88JUUXIEABMRviTURcx:a2V7NpW6Y6joUV

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.30.235

121.88.5.181

112.223.217.101

Targets

- Target
  
  2024-11-23_eead9a03b396523c7f6ab6a44d711617_magniber_qakbot
- Size
  
  4.7MB
- MD5
  
  eead9a03b396523c7f6ab6a44d711617
- SHA1
  
  1491e5d862a98174441b532b77d9c0c97f1259c2
- SHA256
  
  2d33010e37e78fbb3ec9f8c89a73207f2e3ff0ab69e1d40261006c6c414c5397
- SHA512
  
  b5ec90d6c11b64fd4ba80151f8c9206b0b450109dec05c939f4dfd584b26e717c997a7c30996f5e08fed9f140935446a902d6ac74ddf4997237f9b347d80d724
- SSDEEP
  
  49152:a2V7djp+oE2ZjHoZB6EZ88JUUXIEABMRviTURcx:a2V7NpW6Y6joUV
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan