urelas | 215ba9a530cc9f6fa8a9768a33d9723d02919758f0c7ed3544b66e7c30fd4b2c | Triage

Sharing

General

Target

215ba9a530cc9f6fa8a9768a33d9723d02919758f0c7ed3544b66e7c30fd4b2c.exe
Size

52KB
Sample

250119-2c34xsynaw
MD5

3e66c50da433b2b3295167a4835bb2ee
SHA1

34f2350cb23ad1ee8e51f59c739b56d02a75e3c0
SHA256

215ba9a530cc9f6fa8a9768a33d9723d02919758f0c7ed3544b66e7c30fd4b2c
SHA512

db5763acf8f0dbd0d6d4f79c70b11ff148ec38b4f74f27755bf2c489ad0cc76abef81336a8d8d4a0208670a55e1b7dbadce255cbce1d6986e78c0d4007d4ab42
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPCT:KsdXfBo/DBJBGzkP5PCT

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  215ba9a530cc9f6fa8a9768a33d9723d02919758f0c7ed3544b66e7c30fd4b2c.exe
- Size
  
  52KB
- MD5
  
  3e66c50da433b2b3295167a4835bb2ee
- SHA1
  
  34f2350cb23ad1ee8e51f59c739b56d02a75e3c0
- SHA256
  
  215ba9a530cc9f6fa8a9768a33d9723d02919758f0c7ed3544b66e7c30fd4b2c
- SHA512
  
  db5763acf8f0dbd0d6d4f79c70b11ff148ec38b4f74f27755bf2c489ad0cc76abef81336a8d8d4a0208670a55e1b7dbadce255cbce1d6986e78c0d4007d4ab42
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPCT:KsdXfBo/DBJBGzkP5PCT
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan