urelas | 0c6c40a2fdb6c1cfbd1affbe96e2db4ee097e24452b4542c7ebcd7cb5df9daa3 | Triage

Sharing

General

Target

0c6c40a2fdb6c1cfbd1affbe96e2db4ee097e24452b4542c7ebcd7cb5df9daa3.exe
Size

593KB
Sample

250122-3rnhfssnbm
MD5

9474fecc38dce4cd41032608f2ceb528
SHA1

8f5ab9143beadf50ac100f9acc972b255f668055
SHA256

0c6c40a2fdb6c1cfbd1affbe96e2db4ee097e24452b4542c7ebcd7cb5df9daa3
SHA512

db95e17a11b74ee77a8ab15118a39ed677e84d8456c0b2a051592a6428a543ef611abed3c48c975c222332f53b86338080c95b8cec0eca1746cd576dadfdefa6
SSDEEP

6144:CZKHKSIl0SatLPTUrjBpAs/mpYIqaaUN44Iq766ztAkOHn0LHZRF:C4jm0Sat7Az/gZvTIq2WKkw0FT

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  0c6c40a2fdb6c1cfbd1affbe96e2db4ee097e24452b4542c7ebcd7cb5df9daa3.exe
- Size
  
  593KB
- MD5
  
  9474fecc38dce4cd41032608f2ceb528
- SHA1
  
  8f5ab9143beadf50ac100f9acc972b255f668055
- SHA256
  
  0c6c40a2fdb6c1cfbd1affbe96e2db4ee097e24452b4542c7ebcd7cb5df9daa3
- SHA512
  
  db95e17a11b74ee77a8ab15118a39ed677e84d8456c0b2a051592a6428a543ef611abed3c48c975c222332f53b86338080c95b8cec0eca1746cd576dadfdefa6
- SSDEEP
  
  6144:CZKHKSIl0SatLPTUrjBpAs/mpYIqaaUN44Iq766ztAkOHn0LHZRF:C4jm0Sat7Az/gZvTIq2WKkw0FT
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan