urelas | 8f07bd77f8adbdc6d60691f48f8d23c27aa3e0cbfefcb34a45fb5fb9969896b0 | Triage

Sharing

General

Target

8f07bd77f8adbdc6d60691f48f8d23c27aa3e0cbfefcb34a45fb5fb9969896b0N
Size

80KB
Sample

241104-yp1b1swgrp
MD5

c61565bc7821ad31575c98837e352d30
SHA1

370dee5fcef1eb0171744ed59ab3212ca1ff7a70
SHA256

8f07bd77f8adbdc6d60691f48f8d23c27aa3e0cbfefcb34a45fb5fb9969896b0
SHA512

cd0299653aafc74def46f0d49a56d08e747766b2d60686d985a6cbf65431a45bc918aeb7d3b3b24aaa28c15929af28df40df3ff1f30e917ba7a54fb36d0d74fe
SSDEEP

1536:UOzC0tKyIy9nOM8e5rqYJkdpzCEw2dnU4qv8m:UO9Ro2rqYyXzCEwG2

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  8f07bd77f8adbdc6d60691f48f8d23c27aa3e0cbfefcb34a45fb5fb9969896b0N
- Size
  
  80KB
- MD5
  
  c61565bc7821ad31575c98837e352d30
- SHA1
  
  370dee5fcef1eb0171744ed59ab3212ca1ff7a70
- SHA256
  
  8f07bd77f8adbdc6d60691f48f8d23c27aa3e0cbfefcb34a45fb5fb9969896b0
- SHA512
  
  cd0299653aafc74def46f0d49a56d08e747766b2d60686d985a6cbf65431a45bc918aeb7d3b3b24aaa28c15929af28df40df3ff1f30e917ba7a54fb36d0d74fe
- SSDEEP
  
  1536:UOzC0tKyIy9nOM8e5rqYJkdpzCEw2dnU4qv8m:UO9Ro2rqYyXzCEwG2
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan