urelas | 046f13c3e6ff4b7bbbcae88e5019d32dfef6475b968b45d5341974d213f4335f | Triage

Sharing

General

Target

046f13c3e6ff4b7bbbcae88e5019d32dfef6475b968b45d5341974d213f4335fN.exe
Size

57KB
Sample

250116-28j1xstma1
MD5

285308562ad6dc36c6467f77c0893400
SHA1

0fbc48370821de4d4d752cf198c1f9c59e8ec021
SHA256

046f13c3e6ff4b7bbbcae88e5019d32dfef6475b968b45d5341974d213f4335f
SHA512

ef1b5d3032467decf7d26059ae1948aa91d83d2faa3488bf4b63572cf408492815a30ab7f7a4693d37da6228eae3dd45c85359a0d876c76a0cb16f2ff41be1d7
SSDEEP

1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl17:amZ+luXwy2f9LDhD7

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  046f13c3e6ff4b7bbbcae88e5019d32dfef6475b968b45d5341974d213f4335fN.exe
- Size
  
  57KB
- MD5
  
  285308562ad6dc36c6467f77c0893400
- SHA1
  
  0fbc48370821de4d4d752cf198c1f9c59e8ec021
- SHA256
  
  046f13c3e6ff4b7bbbcae88e5019d32dfef6475b968b45d5341974d213f4335f
- SHA512
  
  ef1b5d3032467decf7d26059ae1948aa91d83d2faa3488bf4b63572cf408492815a30ab7f7a4693d37da6228eae3dd45c85359a0d876c76a0cb16f2ff41be1d7
- SSDEEP
  
  1536:amZ+4hcuX5uZ79jmvFQTXnz9yQ/PFBhl17:amZ+luXwy2f9LDhD7
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan