urelas | 847061db7914b63a72f8ac0b3bbb0726e2e35cdd97ffc9c12158e585a2f83b8d | Triage

Sharing

General

Target

847061db7914b63a72f8ac0b3bbb0726e2e35cdd97ffc9c12158e585a2f83b8dN.exe
Size

335KB
Sample

241208-bf3dpayrgq
MD5

a22fbfce60dfe222e0b61763b913d860
SHA1

d19007a17a6a53bdd96a70a6172f25a0e2009595
SHA256

847061db7914b63a72f8ac0b3bbb0726e2e35cdd97ffc9c12158e585a2f83b8d
SHA512

b642e2885b8dfca1bdbdd81dbc402e3aa20950c22ca1de9bf3905784877128a33cdb3948d8ce328c65bfab74961006ab073f2de65309a8cfa3141c27e5fb9953
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIo:vHW138/iXWlK885rKlGSekcj66cii

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  847061db7914b63a72f8ac0b3bbb0726e2e35cdd97ffc9c12158e585a2f83b8dN.exe
- Size
  
  335KB
- MD5
  
  a22fbfce60dfe222e0b61763b913d860
- SHA1
  
  d19007a17a6a53bdd96a70a6172f25a0e2009595
- SHA256
  
  847061db7914b63a72f8ac0b3bbb0726e2e35cdd97ffc9c12158e585a2f83b8d
- SHA512
  
  b642e2885b8dfca1bdbdd81dbc402e3aa20950c22ca1de9bf3905784877128a33cdb3948d8ce328c65bfab74961006ab073f2de65309a8cfa3141c27e5fb9953
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIo:vHW138/iXWlK885rKlGSekcj66cii
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan