urelas | 653e5c630d326fb3e5881ac6887c1b382d76afe32e7445688793746edc3977ce | Triage

Sharing

General

Target

653e5c630d326fb3e5881ac6887c1b382d76afe32e7445688793746edc3977ce.exe
Size

93KB
Sample

250124-gz6hcatqas
MD5

9ad3c3f8b3ea9acc79311422bb59d2da
SHA1

97f19c8de3bae716769a8c5a4943df974b578b6d
SHA256

653e5c630d326fb3e5881ac6887c1b382d76afe32e7445688793746edc3977ce
SHA512

08fa0bb96d4e0bec84704b557323d19bd49db12aadf522c63ad2d5e2d8f5f94bd5ea248ad8fd36c2485892f535fdb8bb64b05168426953eaff8a35ce7e07f1d0
SSDEEP

1536:iDJj/L6UWX/iDdolO4g033dsA2+n1qn1iLdB6XC:iDJj29G4gItR7n1qn4LdoC

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

- Target
  
  653e5c630d326fb3e5881ac6887c1b382d76afe32e7445688793746edc3977ce.exe
- Size
  
  93KB
- MD5
  
  9ad3c3f8b3ea9acc79311422bb59d2da
- SHA1
  
  97f19c8de3bae716769a8c5a4943df974b578b6d
- SHA256
  
  653e5c630d326fb3e5881ac6887c1b382d76afe32e7445688793746edc3977ce
- SHA512
  
  08fa0bb96d4e0bec84704b557323d19bd49db12aadf522c63ad2d5e2d8f5f94bd5ea248ad8fd36c2485892f535fdb8bb64b05168426953eaff8a35ce7e07f1d0
- SSDEEP
  
  1536:iDJj/L6UWX/iDdolO4g033dsA2+n1qn1iLdB6XC:iDJj29G4gItR7n1qn4LdoC
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan