urelas | 4deb26b02d0cb1644fabde685ff15b704aca8b733072d8d9dbde6bce710b9794 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

129f3c4b96e113f4819f52a5f686bb5e_JaffaCakes118
Size

466KB
Sample

240328-3ct2paca93
MD5

129f3c4b96e113f4819f52a5f686bb5e
SHA1

b5b48c96bd4a5a5e6aacf93a3c0d143491f26220
SHA256

4deb26b02d0cb1644fabde685ff15b704aca8b733072d8d9dbde6bce710b9794
SHA512

214731cc984f39f422e02c2238ab8400bbd2358d02ba11139a3eecc019a3199edd0b15b8c9201d0126e1a95b170bc3bb142cec324d2786422b53735a9a7a4162
SSDEEP

6144:NKLOgsgomKLEFESGz0SPpeEPkPDPrzgtRY5RdrHc13FG9ItU6GvPwu:AOgwmisETzuaeDPvjJ81VGqK6GvPZ

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  129f3c4b96e113f4819f52a5f686bb5e_JaffaCakes118
- Size
  
  466KB
- MD5
  
  129f3c4b96e113f4819f52a5f686bb5e
- SHA1
  
  b5b48c96bd4a5a5e6aacf93a3c0d143491f26220
- SHA256
  
  4deb26b02d0cb1644fabde685ff15b704aca8b733072d8d9dbde6bce710b9794
- SHA512
  
  214731cc984f39f422e02c2238ab8400bbd2358d02ba11139a3eecc019a3199edd0b15b8c9201d0126e1a95b170bc3bb142cec324d2786422b53735a9a7a4162
- SSDEEP
  
  6144:NKLOgsgomKLEFESGz0SPpeEPkPDPrzgtRY5RdrHc13FG9ItU6GvPwu:AOgwmisETzuaeDPvjJ81VGqK6GvPZ
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2