urelas | 202897d1be5f1c6c5eefda718d3c12847fbf2e135bb81b729ce65ddcf6d01c3a | Triage

Sharing

General

Target

202897d1be5f1c6c5eefda718d3c12847fbf2e135bb81b729ce65ddcf6d01c3a
Size

52KB
Sample

250116-zt9xpayne1
MD5

61088988cf972c55af11d98a6cf44026
SHA1

d3769c3cefa3eda0e0eefb29288d8382ab388512
SHA256

202897d1be5f1c6c5eefda718d3c12847fbf2e135bb81b729ce65ddcf6d01c3a
SHA512

e3997e5d3b41a6f8f288dea40a0dd72f96d8027a2ffd5af6addf608a41c659d2a6e438e827eb86b53dac8d80be540b6d89d2902d59928ce27921cdcc2d1a9507
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPCU:KsdXfBo/DBJBGzkP5PCU

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  202897d1be5f1c6c5eefda718d3c12847fbf2e135bb81b729ce65ddcf6d01c3a
- Size
  
  52KB
- MD5
  
  61088988cf972c55af11d98a6cf44026
- SHA1
  
  d3769c3cefa3eda0e0eefb29288d8382ab388512
- SHA256
  
  202897d1be5f1c6c5eefda718d3c12847fbf2e135bb81b729ce65ddcf6d01c3a
- SHA512
  
  e3997e5d3b41a6f8f288dea40a0dd72f96d8027a2ffd5af6addf608a41c659d2a6e438e827eb86b53dac8d80be540b6d89d2902d59928ce27921cdcc2d1a9507
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPCU:KsdXfBo/DBJBGzkP5PCU
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan