urelas | d8788fd73b5add5faa3130d63d98a7006ec12aeca1b43e8a2ec9cefbf0d49999 | Triage

Sharing

General

Target

d8788fd73b5add5faa3130d63d98a7006ec12aeca1b43e8a2ec9cefbf0d49999.exe
Size

241KB
Sample

241124-d775csslfz
MD5

3d1b8fae0c272f24ebd09e074ce479d2
SHA1

e1fce02dfa11cb4e7009aadb926e1eb6583d50d6
SHA256

d8788fd73b5add5faa3130d63d98a7006ec12aeca1b43e8a2ec9cefbf0d49999
SHA512

a06ba07e1245c3bb4df886b54fd5ae95ef30f948c4aa233f95bfbe780e3a88f63667990c58378cd09c8f8fd11cab1b119594828c0efa80fe2f0af9f40051662f
SSDEEP

3072:K8ASpvo0LKrXEX65ezpxJ2kbJ7mv73E2o/9sY2u:ZASpvo0LKkRzpxJ2kRqroiu

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  d8788fd73b5add5faa3130d63d98a7006ec12aeca1b43e8a2ec9cefbf0d49999.exe
- Size
  
  241KB
- MD5
  
  3d1b8fae0c272f24ebd09e074ce479d2
- SHA1
  
  e1fce02dfa11cb4e7009aadb926e1eb6583d50d6
- SHA256
  
  d8788fd73b5add5faa3130d63d98a7006ec12aeca1b43e8a2ec9cefbf0d49999
- SHA512
  
  a06ba07e1245c3bb4df886b54fd5ae95ef30f948c4aa233f95bfbe780e3a88f63667990c58378cd09c8f8fd11cab1b119594828c0efa80fe2f0af9f40051662f
- SSDEEP
  
  3072:K8ASpvo0LKrXEX65ezpxJ2kbJ7mv73E2o/9sY2u:ZASpvo0LKkRzpxJ2kRqroiu
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan