urelas | 5a25b6a022c98a9c70a3b38394370dd1c94a9f56593b5e8a167b0c6290e7c757 | Triage

Sharing

General

Target

5a25b6a022c98a9c70a3b38394370dd1c94a9f56593b5e8a167b0c6290e7c757.exe
Size

537KB
Sample

241123-yy9l2stqas
MD5

d20fee1a424647bee9f78e3942ba37f9
SHA1

a2c0bf2a4ce15eb5a151eadd37a1d51e9e87e3ac
SHA256

5a25b6a022c98a9c70a3b38394370dd1c94a9f56593b5e8a167b0c6290e7c757
SHA512

9bb9a502cee133b023d26d23e28a1037cb41f896e5c80e7e97f6e78eec42e53dceae1fa7600a9cd0bb9adb73b06f28be6442cb1eaada08de9afff8571a2b0e5f
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPH:q0P/k4lb2wKatH

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  5a25b6a022c98a9c70a3b38394370dd1c94a9f56593b5e8a167b0c6290e7c757.exe
- Size
  
  537KB
- MD5
  
  d20fee1a424647bee9f78e3942ba37f9
- SHA1
  
  a2c0bf2a4ce15eb5a151eadd37a1d51e9e87e3ac
- SHA256
  
  5a25b6a022c98a9c70a3b38394370dd1c94a9f56593b5e8a167b0c6290e7c757
- SHA512
  
  9bb9a502cee133b023d26d23e28a1037cb41f896e5c80e7e97f6e78eec42e53dceae1fa7600a9cd0bb9adb73b06f28be6442cb1eaada08de9afff8571a2b0e5f
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NPH:q0P/k4lb2wKatH
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan