urelas | c2e5c199ed6d3986c04ae7b4a49d674c96a773ef2afb69004a2508db1e2d2a14 | Triage

Sharing

General

Target

c2e5c199ed6d3986c04ae7b4a49d674c96a773ef2afb69004a2508db1e2d2a14N.exe
Size

94KB
Sample

250122-fhc9ssyqf1
MD5

d57898bb6f5a77ee1896b18c848402a0
SHA1

69ffde7483461188092216b58accb344ab3a9672
SHA256

c2e5c199ed6d3986c04ae7b4a49d674c96a773ef2afb69004a2508db1e2d2a14
SHA512

7cb76361053906ffba9b657d9af15bfeb23c94bd4c6addd939ded8ced18b5ae35af0db73288e51e29ff4ee04744c1828eef6b0a7db8b8d8bf5f7312f52f68e88
SSDEEP

768:tp0ti4HnnhtwYbJy6rioyelmd1TzulQEDDPOwc5n5uNCT/jhhLBxQIwqepJZU9m8:tWzhtJbUgHoADDIx1hLfuJr8

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  c2e5c199ed6d3986c04ae7b4a49d674c96a773ef2afb69004a2508db1e2d2a14N.exe
- Size
  
  94KB
- MD5
  
  d57898bb6f5a77ee1896b18c848402a0
- SHA1
  
  69ffde7483461188092216b58accb344ab3a9672
- SHA256
  
  c2e5c199ed6d3986c04ae7b4a49d674c96a773ef2afb69004a2508db1e2d2a14
- SHA512
  
  7cb76361053906ffba9b657d9af15bfeb23c94bd4c6addd939ded8ced18b5ae35af0db73288e51e29ff4ee04744c1828eef6b0a7db8b8d8bf5f7312f52f68e88
- SSDEEP
  
  768:tp0ti4HnnhtwYbJy6rioyelmd1TzulQEDDPOwc5n5uNCT/jhhLBxQIwqepJZU9m8:tWzhtJbUgHoADDIx1hLfuJr8
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan