urelas | 6db46f5209af5f0723c22fc474f524eaa27141d4b2009ef0ac06d98b03bcc9c8 | Triage

Sharing

General

Target

6db46f5209af5f0723c22fc474f524eaa27141d4b2009ef0ac06d98b03bcc9c8.exe
Size

169KB
Sample

241124-k6q8sayrfp
MD5

d888942a5749ed544df0099ee0350f8d
SHA1

a23c9a6a0f5eed6c9df3c93aa575a7566388797c
SHA256

6db46f5209af5f0723c22fc474f524eaa27141d4b2009ef0ac06d98b03bcc9c8
SHA512

6ee3f3e0f3ea4847a359f91cefb0cd0bd14536211943c616f4aeb5db4635d04226e0ebe4f3d962032476f43203102e74f5e4dd077f3f1a9080715e5d73e96b99
SSDEEP

1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTf/k:eADA0Wc7UJ6LZMaHLW65DE8pxWE

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  6db46f5209af5f0723c22fc474f524eaa27141d4b2009ef0ac06d98b03bcc9c8.exe
- Size
  
  169KB
- MD5
  
  d888942a5749ed544df0099ee0350f8d
- SHA1
  
  a23c9a6a0f5eed6c9df3c93aa575a7566388797c
- SHA256
  
  6db46f5209af5f0723c22fc474f524eaa27141d4b2009ef0ac06d98b03bcc9c8
- SHA512
  
  6ee3f3e0f3ea4847a359f91cefb0cd0bd14536211943c616f4aeb5db4635d04226e0ebe4f3d962032476f43203102e74f5e4dd077f3f1a9080715e5d73e96b99
- SSDEEP
  
  1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTf/k:eADA0Wc7UJ6LZMaHLW65DE8pxWE
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan