urelas | 4befb8512f82418b0e0aa461dc0f5492863888034f836fe0a63d3b89034915e4 | Triage

Sharing

General

Target

4befb8512f82418b0e0aa461dc0f5492863888034f836fe0a63d3b89034915e4N.exe
Size

335KB
Sample

241206-jda6eswqbw
MD5

6b6d7280b40ecf8da84985d92247e200
SHA1

1ef07cafa873cdb3e748558ea6a92ff890757612
SHA256

4befb8512f82418b0e0aa461dc0f5492863888034f836fe0a63d3b89034915e4
SHA512

736c7e889bd4a8d957a25c6491532c8420edf0ff6f1f28e573cac3aa17cf11999caa793648d03e4c071f6a8fc63676067f5c67da89ce4604c1e9fc14ea43a3b9
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVV0:vHW138/iXWlK885rKlGSekcj66ciEV0

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  4befb8512f82418b0e0aa461dc0f5492863888034f836fe0a63d3b89034915e4N.exe
- Size
  
  335KB
- MD5
  
  6b6d7280b40ecf8da84985d92247e200
- SHA1
  
  1ef07cafa873cdb3e748558ea6a92ff890757612
- SHA256
  
  4befb8512f82418b0e0aa461dc0f5492863888034f836fe0a63d3b89034915e4
- SHA512
  
  736c7e889bd4a8d957a25c6491532c8420edf0ff6f1f28e573cac3aa17cf11999caa793648d03e4c071f6a8fc63676067f5c67da89ce4604c1e9fc14ea43a3b9
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYVV0:vHW138/iXWlK885rKlGSekcj66ciEV0
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan