urelas | ce5e8a06c7a1e5aacdd3320e4173de3a285fb08528f546faafa04ec04eba0935 | Triage

Sharing

General

Target

2025-04-02_516598a9c83de539746a363897f299e2_amadey_rhadamanthys_smoke-loader
Size

400KB
Sample

250402-sl31vayxft
MD5

516598a9c83de539746a363897f299e2
SHA1

eb991959380a779f56d05e63a4cc6131ab955209
SHA256

ce5e8a06c7a1e5aacdd3320e4173de3a285fb08528f546faafa04ec04eba0935
SHA512

34ecad7df366199293b89ba078934417709f107534339b6805f54bb9c171158c8fe1c4e16607982fc30300865bb8efaefb4a087523b594df5f20b6622b41459b
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohr:8IfBoDWoyFblU6hAJQnOR

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  2025-04-02_516598a9c83de539746a363897f299e2_amadey_rhadamanthys_smoke-loader
- Size
  
  400KB
- MD5
  
  516598a9c83de539746a363897f299e2
- SHA1
  
  eb991959380a779f56d05e63a4cc6131ab955209
- SHA256
  
  ce5e8a06c7a1e5aacdd3320e4173de3a285fb08528f546faafa04ec04eba0935
- SHA512
  
  34ecad7df366199293b89ba078934417709f107534339b6805f54bb9c171158c8fe1c4e16607982fc30300865bb8efaefb4a087523b594df5f20b6622b41459b
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohr:8IfBoDWoyFblU6hAJQnOR
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan