urelas | 4af9cc7061bb604a8091424c394ac23aaf16e7031ecdb9048714cc89c64745d6 | Triage

Sharing

General

Target

4af9cc7061bb604a8091424c394ac23aaf16e7031ecdb9048714cc89c64745d6N.exe
Size

335KB
Sample

250122-h5h5nsvlct
MD5

8e592493f4396101c59cc31a5176b580
SHA1

a982d8305da273c5517f3cd35176c8146ee97bb4
SHA256

4af9cc7061bb604a8091424c394ac23aaf16e7031ecdb9048714cc89c64745d6
SHA512

8d7adf013194a3d1507d05956996a05f3e961816f6df800f5cf9e97499b9ee7393dd6d3d4544131eeff513cd1cc44a2cf2e024c19355090a1b48c966a99d6164
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIrY:vHW138/iXWlK885rKlGSekcj66ciy

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  4af9cc7061bb604a8091424c394ac23aaf16e7031ecdb9048714cc89c64745d6N.exe
- Size
  
  335KB
- MD5
  
  8e592493f4396101c59cc31a5176b580
- SHA1
  
  a982d8305da273c5517f3cd35176c8146ee97bb4
- SHA256
  
  4af9cc7061bb604a8091424c394ac23aaf16e7031ecdb9048714cc89c64745d6
- SHA512
  
  8d7adf013194a3d1507d05956996a05f3e961816f6df800f5cf9e97499b9ee7393dd6d3d4544131eeff513cd1cc44a2cf2e024c19355090a1b48c966a99d6164
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIrY:vHW138/iXWlK885rKlGSekcj66ciy
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan