urelas | e639d9121dd463c2311edb62712483fa484650b85e2163de9f593f5a55ac20bb | Triage

Sharing

General

Target

e639d9121dd463c2311edb62712483fa484650b85e2163de9f593f5a55ac20bb
Size

76KB
Sample

250204-g4gd1szlfq
MD5

d7f1d696e70b95e4998ef20a3c26e08f
SHA1

beaef86646949709a6e268d6ede697663896e714
SHA256

e639d9121dd463c2311edb62712483fa484650b85e2163de9f593f5a55ac20bb
SHA512

16c8d76c197cd0feaebcc46b9228d987323af868dc65915b8cc47ea1578ef300c13be6d8a347dbc0f9d2d4e73f52e2b6fa95115402c669bc30dde35b14abe86e
SSDEEP

1536:JBsRUZ2mpkX27tLUgk98l6h0JBDrDI6Rg4dOj:7NXkX27t5k8JRDIkgP

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  e639d9121dd463c2311edb62712483fa484650b85e2163de9f593f5a55ac20bb
- Size
  
  76KB
- MD5
  
  d7f1d696e70b95e4998ef20a3c26e08f
- SHA1
  
  beaef86646949709a6e268d6ede697663896e714
- SHA256
  
  e639d9121dd463c2311edb62712483fa484650b85e2163de9f593f5a55ac20bb
- SHA512
  
  16c8d76c197cd0feaebcc46b9228d987323af868dc65915b8cc47ea1578ef300c13be6d8a347dbc0f9d2d4e73f52e2b6fa95115402c669bc30dde35b14abe86e
- SSDEEP
  
  1536:JBsRUZ2mpkX27tLUgk98l6h0JBDrDI6Rg4dOj:7NXkX27t5k8JRDIkgP
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan