urelas | 94a7223f69d8c1dee43a0ad6df2f3529e59c0856e8e7d9e7adbc48df9cf19514 | Triage

Sharing

General

Target

94a7223f69d8c1dee43a0ad6df2f3529e59c0856e8e7d9e7adbc48df9cf19514.exe
Size

336KB
Sample

250123-htlreszjgj
MD5

19b406150aae970923a4e9bc42c66055
SHA1

4e9391aa9520c698034cca8a91327ddd600e5a33
SHA256

94a7223f69d8c1dee43a0ad6df2f3529e59c0856e8e7d9e7adbc48df9cf19514
SHA512

f21ac5c482a4089248f113e3048b71c977764a53c2d962ccb4dc81475be4533d32bf496d776f5a9bc806281db5a6db5bb66e045a54047ad550d2cb81553bd1c6
SSDEEP

6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIcKoH:vHW138/iXWlK885rKlGSekcj66ciI

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

218.54.31.166

Targets

- Target
  
  94a7223f69d8c1dee43a0ad6df2f3529e59c0856e8e7d9e7adbc48df9cf19514.exe
- Size
  
  336KB
- MD5
  
  19b406150aae970923a4e9bc42c66055
- SHA1
  
  4e9391aa9520c698034cca8a91327ddd600e5a33
- SHA256
  
  94a7223f69d8c1dee43a0ad6df2f3529e59c0856e8e7d9e7adbc48df9cf19514
- SHA512
  
  f21ac5c482a4089248f113e3048b71c977764a53c2d962ccb4dc81475be4533d32bf496d776f5a9bc806281db5a6db5bb66e045a54047ad550d2cb81553bd1c6
- SSDEEP
  
  6144:nvHWrZ+i8/iYiVst4UKVRw8pDrKlGSeNWcx1RsF9gc+XYIcKoH:vHW138/iXWlK885rKlGSekcj66ciI
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan