urelas | 5b07e78224332d18a4dd62abcf09213edbab86467be494abe3aa571857eb2d1e | Triage

Sharing

General

Target

5b07e78224332d18a4dd62abcf09213edbab86467be494abe3aa571857eb2d1eN.exe
Size

94KB
Sample

241207-z4kqjstpev
MD5

ac2b568e1dbf238ea91ee2bdd46db1d0
SHA1

93f75123f3b5b7ff62805b88ffa11b6b932fb120
SHA256

5b07e78224332d18a4dd62abcf09213edbab86467be494abe3aa571857eb2d1e
SHA512

2b47a240eabdd7a9806e1531f0a09cb96498237930b7e36fc939769b445621e3afc6f09c766b3ea7c347cfe3c859506a2f97129461e854d5b70a5b0e3f79742c
SSDEEP

1536:nwhq8V9IpPf2lgiIJ4pivJnuNVueC39GdBR3M9co:nqV9MziU4piRun7C3CP3MT

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Targets

- Target
  
  5b07e78224332d18a4dd62abcf09213edbab86467be494abe3aa571857eb2d1eN.exe
- Size
  
  94KB
- MD5
  
  ac2b568e1dbf238ea91ee2bdd46db1d0
- SHA1
  
  93f75123f3b5b7ff62805b88ffa11b6b932fb120
- SHA256
  
  5b07e78224332d18a4dd62abcf09213edbab86467be494abe3aa571857eb2d1e
- SHA512
  
  2b47a240eabdd7a9806e1531f0a09cb96498237930b7e36fc939769b445621e3afc6f09c766b3ea7c347cfe3c859506a2f97129461e854d5b70a5b0e3f79742c
- SSDEEP
  
  1536:nwhq8V9IpPf2lgiIJ4pivJnuNVueC39GdBR3M9co:nqV9MziU4piRun7C3CP3MT
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan