urelas | 200e33e4c1a9b371c66ddbb036b92279e3ed2f65e81752c9b4e29a471c16bb42 | Triage

Sharing

General

Target

200e33e4c1a9b371c66ddbb036b92279e3ed2f65e81752c9b4e29a471c16bb42N.exe
Size

59KB
Sample

250119-zt1c9awjf1
MD5

70cd4a5c55eba9390954b36f80804930
SHA1

aed798f1974309adccb7a022d5614a835977ee86
SHA256

200e33e4c1a9b371c66ddbb036b92279e3ed2f65e81752c9b4e29a471c16bb42
SHA512

ed22cdb09c3e1a6bbd118345fd8d34e0dbe27435b26d74ca16fce6018c8081cd4e73155de0801747caccf17fced8f065ff96cb52cc0819676aeb042911ce8620
SSDEEP

768:jb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5uDt:jbQx5oPsr2vFxDPhAvzgdWLIZ7yt

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  200e33e4c1a9b371c66ddbb036b92279e3ed2f65e81752c9b4e29a471c16bb42N.exe
- Size
  
  59KB
- MD5
  
  70cd4a5c55eba9390954b36f80804930
- SHA1
  
  aed798f1974309adccb7a022d5614a835977ee86
- SHA256
  
  200e33e4c1a9b371c66ddbb036b92279e3ed2f65e81752c9b4e29a471c16bb42
- SHA512
  
  ed22cdb09c3e1a6bbd118345fd8d34e0dbe27435b26d74ca16fce6018c8081cd4e73155de0801747caccf17fced8f065ff96cb52cc0819676aeb042911ce8620
- SSDEEP
  
  768:jb4zb59Yix/RoyH+5flZirYqc97vFvrpaZG3DHvTdA9GgnOuS5Z3WXcKIZx5uDt:jbQx5oPsr2vFxDPhAvzgdWLIZ7yt
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan