urelas | ece26131038c913431cc219007176d4fe8351fb4c20f78c05e93e4bc71370f81 | Triage

Sharing

General

Target

ece26131038c913431cc219007176d4fe8351fb4c20f78c05e93e4bc71370f81N.exe
Size

512KB
Sample

241210-lvqnjsspa1
MD5

ade6d6f7f467d686639210f197f53340
SHA1

dde698446fb9a96fa5fdd7dd496d2306c2d8c8a0
SHA256

ece26131038c913431cc219007176d4fe8351fb4c20f78c05e93e4bc71370f81
SHA512

7658ab7f82c6080a3c43d185f84b68142765fa1679cb88c3def0dd8fec1b606f2dbdd263dbff78f48465e852bc22fc896ce9df48de8689e9c70976c12cd311e3
SSDEEP

12288:3o7CGWcQSyYI2VrFKH5RBv9AQ1pEDdKo0:3MUv2LAv9AQ1p4dKV

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  ece26131038c913431cc219007176d4fe8351fb4c20f78c05e93e4bc71370f81N.exe
- Size
  
  512KB
- MD5
  
  ade6d6f7f467d686639210f197f53340
- SHA1
  
  dde698446fb9a96fa5fdd7dd496d2306c2d8c8a0
- SHA256
  
  ece26131038c913431cc219007176d4fe8351fb4c20f78c05e93e4bc71370f81
- SHA512
  
  7658ab7f82c6080a3c43d185f84b68142765fa1679cb88c3def0dd8fec1b606f2dbdd263dbff78f48465e852bc22fc896ce9df48de8689e9c70976c12cd311e3
- SSDEEP
  
  12288:3o7CGWcQSyYI2VrFKH5RBv9AQ1pEDdKo0:3MUv2LAv9AQ1p4dKV
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan