urelas | 152e8085421d2f4f114a78a231ed4745e62dcd3c69106cbea065cc5221887407 | Triage

Sharing

General

Target

152e8085421d2f4f114a78a231ed4745e62dcd3c69106cbea065cc5221887407N.exe
Size

69KB
Sample

241215-18h8ys1pgm
MD5

ab571f694f3f9ef487dd3ed149920920
SHA1

28ee594007c46aa088073f0b16f6bca132db9c36
SHA256

152e8085421d2f4f114a78a231ed4745e62dcd3c69106cbea065cc5221887407
SHA512

5b6a9159e2b04322ba034f685d9042bd4b54097ee3263b60ab0a6a8076197e51e00dd77dc29cacd9d702087ab9abc0f50b2ff7350bd04b3de064cb150ae0e7ec
SSDEEP

1536:04/WgLAjdZsp+uChoLnDeoqYAJjvLFymnHsPeOtf:l//AjMp+u2onejH2PeA

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  152e8085421d2f4f114a78a231ed4745e62dcd3c69106cbea065cc5221887407N.exe
- Size
  
  69KB
- MD5
  
  ab571f694f3f9ef487dd3ed149920920
- SHA1
  
  28ee594007c46aa088073f0b16f6bca132db9c36
- SHA256
  
  152e8085421d2f4f114a78a231ed4745e62dcd3c69106cbea065cc5221887407
- SHA512
  
  5b6a9159e2b04322ba034f685d9042bd4b54097ee3263b60ab0a6a8076197e51e00dd77dc29cacd9d702087ab9abc0f50b2ff7350bd04b3de064cb150ae0e7ec
- SSDEEP
  
  1536:04/WgLAjdZsp+uChoLnDeoqYAJjvLFymnHsPeOtf:l//AjMp+u2onejH2PeA
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan