urelas | 951cb0160c564c0f92cf2021a975ba8e2a3ede22c71d0c587f0a2a0099d6f660 | Triage

Sharing

General

Target

951cb0160c564c0f92cf2021a975ba8e2a3ede22c71d0c587f0a2a0099d6f660N
Size

80KB
Sample

241027-x6yn3s1dna
MD5

6375d5ab94a770c3c86ec99605f067b0
SHA1

aae72a2cdd81b14b535417cf4686f0b0e1861083
SHA256

951cb0160c564c0f92cf2021a975ba8e2a3ede22c71d0c587f0a2a0099d6f660
SHA512

2cdaa52e283079a49d6ae1bf969fea2b572990d5c9eed7423db533e9f7c1cf935f1e78a788521c365d8261318dfb4c031f1168bfa78347f941c10fd4f85a99d3
SSDEEP

1536:UOzC0tKyIy9nOM8e5rqYJkdpzCEw2dnU4qvHH:UO9Ro2rqYyXzCEwGU

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  951cb0160c564c0f92cf2021a975ba8e2a3ede22c71d0c587f0a2a0099d6f660N
- Size
  
  80KB
- MD5
  
  6375d5ab94a770c3c86ec99605f067b0
- SHA1
  
  aae72a2cdd81b14b535417cf4686f0b0e1861083
- SHA256
  
  951cb0160c564c0f92cf2021a975ba8e2a3ede22c71d0c587f0a2a0099d6f660
- SHA512
  
  2cdaa52e283079a49d6ae1bf969fea2b572990d5c9eed7423db533e9f7c1cf935f1e78a788521c365d8261318dfb4c031f1168bfa78347f941c10fd4f85a99d3
- SSDEEP
  
  1536:UOzC0tKyIy9nOM8e5rqYJkdpzCEw2dnU4qvHH:UO9Ro2rqYyXzCEwGU
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan