urelas | 605a69e8e29d36e72a7aa2bc021f9140762c166d2a254fb9a6d5346e38ec7b97 | Triage

Sharing

General

Target

605a69e8e29d36e72a7aa2bc021f9140762c166d2a254fb9a6d5346e38ec7b97N.exe
Size

592KB
Sample

241206-l7j2jayjaj
MD5

e4a8a7b2157919d1514b7326d9fbfe80
SHA1

957b115b1c3d866d3bf1c8c9c6fa9dfec955b7f9
SHA256

605a69e8e29d36e72a7aa2bc021f9140762c166d2a254fb9a6d5346e38ec7b97
SHA512

b9e1579c06eaa8c65f6feecb82a28ec35121c6e9cdf436b87d9120fb9c2c18bfbcbe305860a8f044c2ba225d8f969ca0cc94179554ef7a06f504235ad11b33e3
SSDEEP

6144:CZKHKSIl0SatLPTUrjBpAs/mpYIqaaUN44Iq766ztAkOHn0LHZRi:C4jm0Sat7Az/gZvTIq2WKkw0Fg

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  605a69e8e29d36e72a7aa2bc021f9140762c166d2a254fb9a6d5346e38ec7b97N.exe
- Size
  
  592KB
- MD5
  
  e4a8a7b2157919d1514b7326d9fbfe80
- SHA1
  
  957b115b1c3d866d3bf1c8c9c6fa9dfec955b7f9
- SHA256
  
  605a69e8e29d36e72a7aa2bc021f9140762c166d2a254fb9a6d5346e38ec7b97
- SHA512
  
  b9e1579c06eaa8c65f6feecb82a28ec35121c6e9cdf436b87d9120fb9c2c18bfbcbe305860a8f044c2ba225d8f969ca0cc94179554ef7a06f504235ad11b33e3
- SSDEEP
  
  6144:CZKHKSIl0SatLPTUrjBpAs/mpYIqaaUN44Iq766ztAkOHn0LHZRi:C4jm0Sat7Az/gZvTIq2WKkw0Fg
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan