urelas | ec012b55d45584ead0f10edb75881b9b357a3a56a43b891cbc296467d22e24b6 | Triage

Sharing

General

Target

ec012b55d45584ead0f10edb75881b9b357a3a56a43b891cbc296467d22e24b6.exe
Size

94KB
Sample

250125-pz8ayavmcj
MD5

855f715ebb7b08cca6538de00b3db65a
SHA1

60450d11c65542a96bc0b9652140b3e5577eb03a
SHA256

ec012b55d45584ead0f10edb75881b9b357a3a56a43b891cbc296467d22e24b6
SHA512

8d88d7efba1f5d485789e15f95ed519d6e3e5a6dc3cd4ab5132c1bd9f4d6b2573470bde63f1ca4ea446bb72510e907855f2177cd49b048a9bf39d87a24dcb66d
SSDEEP

768:tp0ti4HnnhtwYbJy6rioyelmd1TzulQEDDPOwc5n5uNCT/jhhLBxQIwqepJZU9mq:tWzhtJbUgHoADDIx1hLfuJrq

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  ec012b55d45584ead0f10edb75881b9b357a3a56a43b891cbc296467d22e24b6.exe
- Size
  
  94KB
- MD5
  
  855f715ebb7b08cca6538de00b3db65a
- SHA1
  
  60450d11c65542a96bc0b9652140b3e5577eb03a
- SHA256
  
  ec012b55d45584ead0f10edb75881b9b357a3a56a43b891cbc296467d22e24b6
- SHA512
  
  8d88d7efba1f5d485789e15f95ed519d6e3e5a6dc3cd4ab5132c1bd9f4d6b2573470bde63f1ca4ea446bb72510e907855f2177cd49b048a9bf39d87a24dcb66d
- SSDEEP
  
  768:tp0ti4HnnhtwYbJy6rioyelmd1TzulQEDDPOwc5n5uNCT/jhhLBxQIwqepJZU9mq:tWzhtJbUgHoADDIx1hLfuJrq
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan