urelas | e8c39d3f4016966d93579189aa331f4f54c9650eb9aa96bfabb1969745a9e91e | Triage

Sharing

General

Target

e8c39d3f4016966d93579189aa331f4f54c9650eb9aa96bfabb1969745a9e91e.exe
Size

393KB
Sample

250124-a9swnstkel
MD5

73005a47e70ee59905df8dc1d81cd2df
SHA1

86273bb1e238b77f5308f67217cb9d38899a9bf4
SHA256

e8c39d3f4016966d93579189aa331f4f54c9650eb9aa96bfabb1969745a9e91e
SHA512

d76dae54212429764bbe8309f7b73de3c5e85ff4096cc4bffe390b82ebf1469bc4133aef0fe0d8c460923e60240f0573b5f0710c3fb354706b1faad82c47fa13
SSDEEP

6144:y5SXvBoDWoyLYyzbpPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrBS:yIfBoDWoyFboU6hAJQnrS

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  e8c39d3f4016966d93579189aa331f4f54c9650eb9aa96bfabb1969745a9e91e.exe
- Size
  
  393KB
- MD5
  
  73005a47e70ee59905df8dc1d81cd2df
- SHA1
  
  86273bb1e238b77f5308f67217cb9d38899a9bf4
- SHA256
  
  e8c39d3f4016966d93579189aa331f4f54c9650eb9aa96bfabb1969745a9e91e
- SHA512
  
  d76dae54212429764bbe8309f7b73de3c5e85ff4096cc4bffe390b82ebf1469bc4133aef0fe0d8c460923e60240f0573b5f0710c3fb354706b1faad82c47fa13
- SSDEEP
  
  6144:y5SXvBoDWoyLYyzbpPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrBS:yIfBoDWoyFboU6hAJQnrS
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan