urelas | 867bc8dab98e5bcff1eb1efc0f2607b716bc6c50c164ff60f9aa0b62dd13a475 | Triage

Sharing

General

Target

867bc8dab98e5bcff1eb1efc0f2607b716bc6c50c164ff60f9aa0b62dd13a475.exe
Size

334KB
Sample

241207-m8zn2svrdk
MD5

df6e60a4cbcb0faa1896dafa79456ec4
SHA1

0ce30fa510455d1760194695c392da1fc98b1bf7
SHA256

867bc8dab98e5bcff1eb1efc0f2607b716bc6c50c164ff60f9aa0b62dd13a475
SHA512

d95c746b28cefa538321e321d032a365cc85f9281b89a60c32a9512087cfc87db939373d9477118f1e943b34eda8a0b6df8e8241522904e5913b8b9c235b03d2
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYm:vHW138/iXWlK885rKlGSekcj66ciz

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  867bc8dab98e5bcff1eb1efc0f2607b716bc6c50c164ff60f9aa0b62dd13a475.exe
- Size
  
  334KB
- MD5
  
  df6e60a4cbcb0faa1896dafa79456ec4
- SHA1
  
  0ce30fa510455d1760194695c392da1fc98b1bf7
- SHA256
  
  867bc8dab98e5bcff1eb1efc0f2607b716bc6c50c164ff60f9aa0b62dd13a475
- SHA512
  
  d95c746b28cefa538321e321d032a365cc85f9281b89a60c32a9512087cfc87db939373d9477118f1e943b34eda8a0b6df8e8241522904e5913b8b9c235b03d2
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYm:vHW138/iXWlK885rKlGSekcj66ciz
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan