urelas | 2bfb111d8714f20160428f234d0b985aac78918f95cc377732c98ed2332773df | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2bfb111d8714f20160428f234d0b985aac78918f95cc377732c98ed2332773dfN.exe
Size

77KB
Sample

241217-pddt7syngz
MD5

28704f7275bf0223f865e970b082b130
SHA1

ec08a00dade34cbc9053f8c487de1c341375b968
SHA256

2bfb111d8714f20160428f234d0b985aac78918f95cc377732c98ed2332773df
SHA512

51e6f89e9aa96f94b06f9bd549c4d7f6708b26ead85faa5eba453c7175c6925a873ea33a815597888e0b5b264db1fe26cc7dc61de61224d0684f24e3440dfc03
SSDEEP

1536:1D433Oe20lleqbmruXP+9E5KJ+e8Xwhpfz:1Dcpl1mrE+EeBJf7

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  2bfb111d8714f20160428f234d0b985aac78918f95cc377732c98ed2332773dfN.exe
- Size
  
  77KB
- MD5
  
  28704f7275bf0223f865e970b082b130
- SHA1
  
  ec08a00dade34cbc9053f8c487de1c341375b968
- SHA256
  
  2bfb111d8714f20160428f234d0b985aac78918f95cc377732c98ed2332773df
- SHA512
  
  51e6f89e9aa96f94b06f9bd549c4d7f6708b26ead85faa5eba453c7175c6925a873ea33a815597888e0b5b264db1fe26cc7dc61de61224d0684f24e3440dfc03
- SSDEEP
  
  1536:1D433Oe20lleqbmruXP+9E5KJ+e8Xwhpfz:1Dcpl1mrE+EeBJf7
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan