urelas | 8e24c6f125dfb8085831c56211d068d236301e419b734a6805f76d0d93e1afb4 | Triage

Sharing

General

Target

8e24c6f125dfb8085831c56211d068d236301e419b734a6805f76d0d93e1afb4.exe
Size

76KB
Sample

250123-dew7dsymdw
MD5

52a8fcf99b8eadfd68b8f8a4e3f52df0
SHA1

c8e7c9a9a6489f23ad9721f1b9bc05d4070414b0
SHA256

8e24c6f125dfb8085831c56211d068d236301e419b734a6805f76d0d93e1afb4
SHA512

51d377308f0a9324d6607dd1e38b4b4ff5101e9e6c585de230195667a93bdbfa5f5903c67dc0bb9e6972987b08f2fed4f5cd10d1a10648e8cafd339f8216c426
SSDEEP

1536:+Uk8RgDXz7Kx8zzgmTlvtKrNCpbXmsz4tHITp:Tk8yn7KdmTINQXzz4a

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  8e24c6f125dfb8085831c56211d068d236301e419b734a6805f76d0d93e1afb4.exe
- Size
  
  76KB
- MD5
  
  52a8fcf99b8eadfd68b8f8a4e3f52df0
- SHA1
  
  c8e7c9a9a6489f23ad9721f1b9bc05d4070414b0
- SHA256
  
  8e24c6f125dfb8085831c56211d068d236301e419b734a6805f76d0d93e1afb4
- SHA512
  
  51d377308f0a9324d6607dd1e38b4b4ff5101e9e6c585de230195667a93bdbfa5f5903c67dc0bb9e6972987b08f2fed4f5cd10d1a10648e8cafd339f8216c426
- SSDEEP
  
  1536:+Uk8RgDXz7Kx8zzgmTlvtKrNCpbXmsz4tHITp:Tk8yn7KdmTINQXzz4a
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan