urelas | 084be61c6eb8252d5e2712badce7f4561518bce50c0c088ec74a9cd7ff9963db | Triage

Sharing

General

Target

084be61c6eb8252d5e2712badce7f4561518bce50c0c088ec74a9cd7ff9963dbN.exe
Size

336KB
Sample

250122-q9qz3szrar
MD5

1b86aa4c7c6b949ca2bb3f9dcb7da180
SHA1

03f2fb8c4293107e31ea4bd79caa450f2481bc5b
SHA256

084be61c6eb8252d5e2712badce7f4561518bce50c0c088ec74a9cd7ff9963db
SHA512

3f4ff90189221e07ca303fab43df3d9056f7fdce115af757c268450d904968537abd370e4000261ec5b82394d563bfe6c27555386b75987d4ec1a0b396a556c3
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIcV8:vHW138/iXWlK885rKlGSekcj66cil

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  084be61c6eb8252d5e2712badce7f4561518bce50c0c088ec74a9cd7ff9963dbN.exe
- Size
  
  336KB
- MD5
  
  1b86aa4c7c6b949ca2bb3f9dcb7da180
- SHA1
  
  03f2fb8c4293107e31ea4bd79caa450f2481bc5b
- SHA256
  
  084be61c6eb8252d5e2712badce7f4561518bce50c0c088ec74a9cd7ff9963db
- SHA512
  
  3f4ff90189221e07ca303fab43df3d9056f7fdce115af757c268450d904968537abd370e4000261ec5b82394d563bfe6c27555386b75987d4ec1a0b396a556c3
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIcV8:vHW138/iXWlK885rKlGSekcj66cil
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan