urelas | 0f15320b19b4f0b2acba03acaca9e2dde4a50b38efea2e49b07db1adb3c9ada2 | Triage

Sharing

General

Target

0f15320b19b4f0b2acba03acaca9e2dde4a50b38efea2e49b07db1adb3c9ada2.exe
Size

52KB
Sample

250120-d34ldayqht
MD5

8df8b99ca2445206670b20c3dfbf79e5
SHA1

1e94b7402b9b96d8cb85493e667ebbcd64ffb808
SHA256

0f15320b19b4f0b2acba03acaca9e2dde4a50b38efea2e49b07db1adb3c9ada2
SHA512

73db794c0f8c98781e598aed46f55046551416f7a81244b7ad375eafa673975cd396a1468b1c2cd2173da2ef63b3e2816fc8a74902a1de11283abe07cf3d39d2
SSDEEP

1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPCd:KsdXfBo/DBJBGzkP5PCd

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  0f15320b19b4f0b2acba03acaca9e2dde4a50b38efea2e49b07db1adb3c9ada2.exe
- Size
  
  52KB
- MD5
  
  8df8b99ca2445206670b20c3dfbf79e5
- SHA1
  
  1e94b7402b9b96d8cb85493e667ebbcd64ffb808
- SHA256
  
  0f15320b19b4f0b2acba03acaca9e2dde4a50b38efea2e49b07db1adb3c9ada2
- SHA512
  
  73db794c0f8c98781e598aed46f55046551416f7a81244b7ad375eafa673975cd396a1468b1c2cd2173da2ef63b3e2816fc8a74902a1de11283abe07cf3d39d2
- SSDEEP
  
  1536:h+Ds6ClDXuqweo/0khAUnJDgabGsVy6umfFlPhPCd:KsdXfBo/DBJBGzkP5PCd
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan