urelas | 97e8f14b68a589239b11630fd1405b0d2ce6b84c8338842ce9c82f0b344106d2 | Triage

Sharing

General

Target

97e8f14b68a589239b11630fd1405b0d2ce6b84c8338842ce9c82f0b344106d2
Size

78KB
Sample

250206-cv2w5sslcj
MD5

944a5f9694369ae5c5cbae402c559d29
SHA1

2594ce819effa70ba6d0a5393b7a3488b3880bbe
SHA256

97e8f14b68a589239b11630fd1405b0d2ce6b84c8338842ce9c82f0b344106d2
SHA512

af5e85a23a20f45754f4d9deff54b681fb9b89fbabe1050b546ddf35dc4de34aa0c0911c408510eea8cc4e4e8e2236b0e31f2e6d417ff0ace67f85c796b64c48
SSDEEP

768:+sc7OdswlhnuXLhUQW5NPUFLuFdxm9MGVGkno5ksPCvEHH18TUBB/IwRfCZU9/7P:+9MJjCL2VlddeykkPCv8CqO+fC2c0

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  97e8f14b68a589239b11630fd1405b0d2ce6b84c8338842ce9c82f0b344106d2
- Size
  
  78KB
- MD5
  
  944a5f9694369ae5c5cbae402c559d29
- SHA1
  
  2594ce819effa70ba6d0a5393b7a3488b3880bbe
- SHA256
  
  97e8f14b68a589239b11630fd1405b0d2ce6b84c8338842ce9c82f0b344106d2
- SHA512
  
  af5e85a23a20f45754f4d9deff54b681fb9b89fbabe1050b546ddf35dc4de34aa0c0911c408510eea8cc4e4e8e2236b0e31f2e6d417ff0ace67f85c796b64c48
- SSDEEP
  
  768:+sc7OdswlhnuXLhUQW5NPUFLuFdxm9MGVGkno5ksPCvEHH18TUBB/IwRfCZU9/7P:+9MJjCL2VlddeykkPCv8CqO+fC2c0
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan