urelas | d3c3bd60c9013307fc0d063014df043502b552991efb90b23d2128c0c9593b49 | Triage

Sharing

General

Target

d3c3bd60c9013307fc0d063014df043502b552991efb90b23d2128c0c9593b49N.exe
Size

78KB
Sample

250202-spwe6sxlbt
MD5

262129f0f9d8018ff485d3111b9de970
SHA1

4a08bbeaf1c0ec9b572356afa6bca49de8f2243a
SHA256

d3c3bd60c9013307fc0d063014df043502b552991efb90b23d2128c0c9593b49
SHA512

b76cf3525476d4b32c69198fd453585e1048ecd6f490fb177da1df3cad05f07297113a8d0de3481dd0d6724b1df0469d4692daa484204c612b2bcc5b416c1601
SSDEEP

768:xZU9HZe4JZxPKAgmmE2jmXwTcxlhshya4qCIDWObp2EfoiSCMy6MuHg/wrYaFRdn:xce4ZKAvTwTcshJDzo9LHyUYmdGT/4

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  d3c3bd60c9013307fc0d063014df043502b552991efb90b23d2128c0c9593b49N.exe
- Size
  
  78KB
- MD5
  
  262129f0f9d8018ff485d3111b9de970
- SHA1
  
  4a08bbeaf1c0ec9b572356afa6bca49de8f2243a
- SHA256
  
  d3c3bd60c9013307fc0d063014df043502b552991efb90b23d2128c0c9593b49
- SHA512
  
  b76cf3525476d4b32c69198fd453585e1048ecd6f490fb177da1df3cad05f07297113a8d0de3481dd0d6724b1df0469d4692daa484204c612b2bcc5b416c1601
- SSDEEP
  
  768:xZU9HZe4JZxPKAgmmE2jmXwTcxlhshya4qCIDWObp2EfoiSCMy6MuHg/wrYaFRdn:xce4ZKAvTwTcshJDzo9LHyUYmdGT/4
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan