urelas | 3568215d402da690f4d347f9f78f7a8ab07e272e2ef866b9563ddfce616e8673 | Triage

Sharing

General

Target

0b6ada72acbdde7ab232113869471d23_JaffaCakes118
Size

184KB
Sample

240328-vrydnabe2v
MD5

0b6ada72acbdde7ab232113869471d23
SHA1

570ced7605f4a3be27e6ef9613ab89b0b35f41bc
SHA256

3568215d402da690f4d347f9f78f7a8ab07e272e2ef866b9563ddfce616e8673
SHA512

28eff451db74f86773375634c01f9ab7688453dcf282a29cbc657f6904488f1ba12c8f01a8c5b5fb20535921e7a4081610823495388d04779d4f8b2d1c79920f
SSDEEP

1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUgx:Thuk8QsH47nW5ppkoI4KEAUgx

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  0b6ada72acbdde7ab232113869471d23_JaffaCakes118
- Size
  
  184KB
- MD5
  
  0b6ada72acbdde7ab232113869471d23
- SHA1
  
  570ced7605f4a3be27e6ef9613ab89b0b35f41bc
- SHA256
  
  3568215d402da690f4d347f9f78f7a8ab07e272e2ef866b9563ddfce616e8673
- SHA512
  
  28eff451db74f86773375634c01f9ab7688453dcf282a29cbc657f6904488f1ba12c8f01a8c5b5fb20535921e7a4081610823495388d04779d4f8b2d1c79920f
- SSDEEP
  
  1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUgx:Thuk8QsH47nW5ppkoI4KEAUgx
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2