urelas | 8221a4675d4839366cc13426056950a2742201f1da65cb7f8729d5017a16d178 | Triage

Sharing

General

Target

8221a4675d4839366cc13426056950a2742201f1da65cb7f8729d5017a16d178
Size

138KB
Sample

250119-ehbkjavrgr
MD5

cb8e65a5e75981aa5da1ab661821ee88
SHA1

e1334456b7bef3ebe043591dccecc0dfb41058f3
SHA256

8221a4675d4839366cc13426056950a2742201f1da65cb7f8729d5017a16d178
SHA512

a4307b8d867beee1a0502f4bf51e14c97e98e2f36a9811b37c40269735cafac1a23c065a3ac8fa84fd80df4c538fa83a73a4fb91b720fc03961623d6d081d673
SSDEEP

3072:VUhMsp+K1OXZjftqRO6DL/qHR4oBvsA7Ipr308dU4GU:VUhAOOt84Rh9KEi2U

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  8221a4675d4839366cc13426056950a2742201f1da65cb7f8729d5017a16d178
- Size
  
  138KB
- MD5
  
  cb8e65a5e75981aa5da1ab661821ee88
- SHA1
  
  e1334456b7bef3ebe043591dccecc0dfb41058f3
- SHA256
  
  8221a4675d4839366cc13426056950a2742201f1da65cb7f8729d5017a16d178
- SHA512
  
  a4307b8d867beee1a0502f4bf51e14c97e98e2f36a9811b37c40269735cafac1a23c065a3ac8fa84fd80df4c538fa83a73a4fb91b720fc03961623d6d081d673
- SSDEEP
  
  3072:VUhMsp+K1OXZjftqRO6DL/qHR4oBvsA7Ipr308dU4GU:VUhAOOt84Rh9KEi2U
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan