urelas | 59728919700593b0d3448a4efaf3356da0d57e085ab9bdc0142bfaf707ec80d7 | Triage

Sharing

General

Target

59728919700593b0d3448a4efaf3356da0d57e085ab9bdc0142bfaf707ec80d7N.exe
Size

76KB
Sample

250122-lb278syrdt
MD5

f2bc391f02e9589972e233b10db8e9a0
SHA1

d4c7c8909e6e107d6b81a5fa006e90962843e511
SHA256

59728919700593b0d3448a4efaf3356da0d57e085ab9bdc0142bfaf707ec80d7
SHA512

02e062a9172a1fd4a5755a5c5183b7c6f59e8761977ae1652f4a27bb0a5f46750f41b3384acb6e843da792f18ea05da0f393e18e6808d9d7d3e48fc31a9ba2d4
SSDEEP

1536:+Uk8RgDXz7Kx8zzgmTlvtKrNCpbXmsz4tHITZ:Tk8yn7KdmTINQXzz46

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  59728919700593b0d3448a4efaf3356da0d57e085ab9bdc0142bfaf707ec80d7N.exe
- Size
  
  76KB
- MD5
  
  f2bc391f02e9589972e233b10db8e9a0
- SHA1
  
  d4c7c8909e6e107d6b81a5fa006e90962843e511
- SHA256
  
  59728919700593b0d3448a4efaf3356da0d57e085ab9bdc0142bfaf707ec80d7
- SHA512
  
  02e062a9172a1fd4a5755a5c5183b7c6f59e8761977ae1652f4a27bb0a5f46750f41b3384acb6e843da792f18ea05da0f393e18e6808d9d7d3e48fc31a9ba2d4
- SSDEEP
  
  1536:+Uk8RgDXz7Kx8zzgmTlvtKrNCpbXmsz4tHITZ:Tk8yn7KdmTINQXzz46
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan