urelas | b5739f9f77f4d441e2cafae7e5dba625a8e1af05fc4fe99d0e389e3d54031a9b | Triage

Sharing

General

Target

b5739f9f77f4d441e2cafae7e5dba625a8e1af05fc4fe99d0e389e3d54031a9bN.exe
Size

438KB
Sample

250122-ds4hmawlfn
MD5

907a7c014075a0d066ad206782bbf680
SHA1

41abe41ffd64ae14464e644b0bffa377307cea9d
SHA256

b5739f9f77f4d441e2cafae7e5dba625a8e1af05fc4fe99d0e389e3d54031a9b
SHA512

3792bff1b27cf0a42263b9bf5d82f94f3d5e1bf91f130e459751caeedd692635c06c01f5c067e1ebdb851e368be1b1247d040a3aa57ed9fb228a65d6d40e75fe
SSDEEP

6144:oo3wBi+1Py3V0a2WkRNgi3caOHO5NjEwwiYWB5mV4Pzw9ygibGGMMe:rKf1PyKa2H3hOHOHz9JQ6zBk

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  b5739f9f77f4d441e2cafae7e5dba625a8e1af05fc4fe99d0e389e3d54031a9bN.exe
- Size
  
  438KB
- MD5
  
  907a7c014075a0d066ad206782bbf680
- SHA1
  
  41abe41ffd64ae14464e644b0bffa377307cea9d
- SHA256
  
  b5739f9f77f4d441e2cafae7e5dba625a8e1af05fc4fe99d0e389e3d54031a9b
- SHA512
  
  3792bff1b27cf0a42263b9bf5d82f94f3d5e1bf91f130e459751caeedd692635c06c01f5c067e1ebdb851e368be1b1247d040a3aa57ed9fb228a65d6d40e75fe
- SSDEEP
  
  6144:oo3wBi+1Py3V0a2WkRNgi3caOHO5NjEwwiYWB5mV4Pzw9ygibGGMMe:rKf1PyKa2H3hOHOHz9JQ6zBk
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan