urelas | 5b7ffb6582b9627f310fb7be22fefb4dea58d1aef30301e981d357ab7126bad4 | Triage

Sharing

General

Target

5b7ffb6582b9627f310fb7be22fefb4dea58d1aef30301e981d357ab7126bad4
Size

77KB
Sample

250203-3lrypaxkex
MD5

76becc6084eb6de9a0b38cd7c27c2f43
SHA1

6a984b4adefb8c106c1d09f6d1d27d63c3a6abf6
SHA256

5b7ffb6582b9627f310fb7be22fefb4dea58d1aef30301e981d357ab7126bad4
SHA512

b72cb997754bae1ce88493e5bc9afcc57f62dd9731c85cd0bf7976ff16ecc9fe7b3b3dc58042f380ef4fc1546a155e78764499158cf7883e093db4344d481c4a
SSDEEP

1536:PL2hIZA4fFfgK6xwHquw63wIl3eCEwWsg1+:PLnFYZx7CeCEwrV

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  5b7ffb6582b9627f310fb7be22fefb4dea58d1aef30301e981d357ab7126bad4
- Size
  
  77KB
- MD5
  
  76becc6084eb6de9a0b38cd7c27c2f43
- SHA1
  
  6a984b4adefb8c106c1d09f6d1d27d63c3a6abf6
- SHA256
  
  5b7ffb6582b9627f310fb7be22fefb4dea58d1aef30301e981d357ab7126bad4
- SHA512
  
  b72cb997754bae1ce88493e5bc9afcc57f62dd9731c85cd0bf7976ff16ecc9fe7b3b3dc58042f380ef4fc1546a155e78764499158cf7883e093db4344d481c4a
- SSDEEP
  
  1536:PL2hIZA4fFfgK6xwHquw63wIl3eCEwWsg1+:PLnFYZx7CeCEwrV
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan