urelas | f3b3cac35836b451d0d21caec72d14f4af09d570bbc40338a2f5f5c4e49f1af9 | Triage

Sharing

General

Target

f3b3cac35836b451d0d21caec72d14f4af09d570bbc40338a2f5f5c4e49f1af9
Size

163KB
Sample

241124-frlbrsvqfy
MD5

2502c7aa51d92692b9449d0fa1edb0ae
SHA1

10b042db80182b8130968cf5d3936dfec7520c51
SHA256

f3b3cac35836b451d0d21caec72d14f4af09d570bbc40338a2f5f5c4e49f1af9
SHA512

5d419fdd7e553906466fb7a23aa2c838bff8990971dc929ec9bfe7fd210e99a1360b6d770adeb16fb88e817de2b70ff8d54e2e628f2c90c565f5f0fc3d3dcb32
SSDEEP

1536:GRwT8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2AjpZWoI23A4tHF:APuk8QsH47nW5ppsoI23A4f

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  f3b3cac35836b451d0d21caec72d14f4af09d570bbc40338a2f5f5c4e49f1af9
- Size
  
  163KB
- MD5
  
  2502c7aa51d92692b9449d0fa1edb0ae
- SHA1
  
  10b042db80182b8130968cf5d3936dfec7520c51
- SHA256
  
  f3b3cac35836b451d0d21caec72d14f4af09d570bbc40338a2f5f5c4e49f1af9
- SHA512
  
  5d419fdd7e553906466fb7a23aa2c838bff8990971dc929ec9bfe7fd210e99a1360b6d770adeb16fb88e817de2b70ff8d54e2e628f2c90c565f5f0fc3d3dcb32
- SSDEEP
  
  1536:GRwT8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2AjpZWoI23A4tHF:APuk8QsH47nW5ppsoI23A4f
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan