urelas | c4b0da97081bbd6b38a6846a2c1ec11053284f4a0c9f60221162504de3805a41 | Triage

Sharing

General

Target

c4b0da97081bbd6b38a6846a2c1ec11053284f4a0c9f60221162504de3805a41N.exe
Size

393KB
Sample

250124-q15f4ssper
MD5

baf1c83a71668c7062697d1932dc9600
SHA1

e8e847248336c84713dd50effb6c8c38d74edacf
SHA256

c4b0da97081bbd6b38a6846a2c1ec11053284f4a0c9f60221162504de3805a41
SHA512

b012ee52a44e6398ea65605345a22cfca7d8b2fa9dcd527e58c970e620f268367f46ee9f7a1cba46cfdf21739887534d3943e605de3548145ca397d42f046a6a
SSDEEP

6144:y5SXvBoDWoyLYyzbpPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrB2:yIfBoDWoyFboU6hAJQnr2

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  c4b0da97081bbd6b38a6846a2c1ec11053284f4a0c9f60221162504de3805a41N.exe
- Size
  
  393KB
- MD5
  
  baf1c83a71668c7062697d1932dc9600
- SHA1
  
  e8e847248336c84713dd50effb6c8c38d74edacf
- SHA256
  
  c4b0da97081bbd6b38a6846a2c1ec11053284f4a0c9f60221162504de3805a41
- SHA512
  
  b012ee52a44e6398ea65605345a22cfca7d8b2fa9dcd527e58c970e620f268367f46ee9f7a1cba46cfdf21739887534d3943e605de3548145ca397d42f046a6a
- SSDEEP
  
  6144:y5SXvBoDWoyLYyzbpPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrB2:yIfBoDWoyFboU6hAJQnr2
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan