urelas | 9b9fcae8338d9b592efd5542a5f2f94035efc4607e1a862e31950d12acb062f4 | Triage

Sharing

General

Target

ac59e3715f8dae42406952e8ec759320N.exe
Size

59KB
Sample

240805-tjz2va1ejk
MD5

ac59e3715f8dae42406952e8ec759320
SHA1

72be58e71f351834893c188f4e88349b50467d89
SHA256

9b9fcae8338d9b592efd5542a5f2f94035efc4607e1a862e31950d12acb062f4
SHA512

a984432cfe114c588a35f03e3f87ac099a781bd9998cc6c57418c96ffc9af6c12106ac67955d0d8c0c47bb7330ca8747ddad3038c1671a82ece6162d874317d3
SSDEEP

1536:xAVpYPLsUDbXUzzqNANl9isgM5myeteYOH3p4Pel9u:GVpYPx3S2K3ks3ff3p409u

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  ac59e3715f8dae42406952e8ec759320N.exe
- Size
  
  59KB
- MD5
  
  ac59e3715f8dae42406952e8ec759320
- SHA1
  
  72be58e71f351834893c188f4e88349b50467d89
- SHA256
  
  9b9fcae8338d9b592efd5542a5f2f94035efc4607e1a862e31950d12acb062f4
- SHA512
  
  a984432cfe114c588a35f03e3f87ac099a781bd9998cc6c57418c96ffc9af6c12106ac67955d0d8c0c47bb7330ca8747ddad3038c1671a82ece6162d874317d3
- SSDEEP
  
  1536:xAVpYPLsUDbXUzzqNANl9isgM5myeteYOH3p4Pel9u:GVpYPx3S2K3ks3ff3p409u
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan