urelas

General

Target

bb0a8b1cd841f54f8fb49ad3f11fdfdf2f0ff54aca2ccafa190a0d956dc18153
Size

96KB
Sample

250125-gabxfazlek
MD5

17d33d83b92175363fab6972255e994b
SHA1

68ed18a0cf8e816cff9aea0ebe7a1543e0f124cf
SHA256

bb0a8b1cd841f54f8fb49ad3f11fdfdf2f0ff54aca2ccafa190a0d956dc18153
SHA512

874f444052ad9440b03944e4292f96d4313ec69ae4132a22bbaa5dcfb838e6ddc807fb27007938c49078d2147de83e20fe0b660b94ff12a044e5d2ec233f077f
SSDEEP

768:PcPYj9Y5By4gtdjv+x3itPaoobv9TjeHl7j3hgSOpP7tRLZU9qZU9QCma3/WJG1u:PkOwUtxmx3QVgX2xjRpkpUmgWJds7R+

Score

10^/10

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  bb0a8b1cd841f54f8fb49ad3f11fdfdf2f0ff54aca2ccafa190a0d956dc18153
- Size
  
  96KB
- MD5
  
  17d33d83b92175363fab6972255e994b
- SHA1
  
  68ed18a0cf8e816cff9aea0ebe7a1543e0f124cf
- SHA256
  
  bb0a8b1cd841f54f8fb49ad3f11fdfdf2f0ff54aca2ccafa190a0d956dc18153
- SHA512
  
  874f444052ad9440b03944e4292f96d4313ec69ae4132a22bbaa5dcfb838e6ddc807fb27007938c49078d2147de83e20fe0b660b94ff12a044e5d2ec233f077f
- SSDEEP
  
  768:PcPYj9Y5By4gtdjv+x3itPaoobv9TjeHl7j3hgSOpP7tRLZU9qZU9QCma3/WJG1u:PkOwUtxmx3QVgX2xjRpkpUmgWJds7R+
Score

10^/10

urelas aspackv2 discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Urelas family

ASPack v2.12-2.42

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2