urelas | 2a9fef8b1d91672aec0a52828e4e5b1c6e9f24da364b8d1455e1daf1ec3e9893 | Triage

Sharing

General

Target

2a9fef8b1d91672aec0a52828e4e5b1c6e9f24da364b8d1455e1daf1ec3e9893.exe
Size

76KB
Sample

241205-wwbwwswkdw
MD5

9129d779c4975fcc69f62557550805ad
SHA1

90f8d859ce3787e7ea7e4f6bef112caf8954ba5a
SHA256

2a9fef8b1d91672aec0a52828e4e5b1c6e9f24da364b8d1455e1daf1ec3e9893
SHA512

d7233ef2f4f0e6131009d776d7c48bd0127d56ebc2d4b8803ef3462ec7a21438562b96ea79e71b8ed89a507fc797e817a8e25573e60255bc9acf8ff8a9fc1738
SSDEEP

1536:1D433Oe20lleqbmruXP+9E5KJ+e8XwhpfH:1Dcpl1mrE+EeBJff

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  2a9fef8b1d91672aec0a52828e4e5b1c6e9f24da364b8d1455e1daf1ec3e9893.exe
- Size
  
  76KB
- MD5
  
  9129d779c4975fcc69f62557550805ad
- SHA1
  
  90f8d859ce3787e7ea7e4f6bef112caf8954ba5a
- SHA256
  
  2a9fef8b1d91672aec0a52828e4e5b1c6e9f24da364b8d1455e1daf1ec3e9893
- SHA512
  
  d7233ef2f4f0e6131009d776d7c48bd0127d56ebc2d4b8803ef3462ec7a21438562b96ea79e71b8ed89a507fc797e817a8e25573e60255bc9acf8ff8a9fc1738
- SSDEEP
  
  1536:1D433Oe20lleqbmruXP+9E5KJ+e8XwhpfH:1Dcpl1mrE+EeBJff
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan