urelas | 1e8c19abb2567cad80e89a87582b68c226673d68cd90f6acef6b8f734e7470d6 | Triage

Sharing

General

Target

d985d5b5d24b6e77ac4c6237ef822df4_JaffaCakes118
Size

59KB
Sample

240405-vhtzwaaa46
MD5

d985d5b5d24b6e77ac4c6237ef822df4
SHA1

422a9fe117e6094d2ebdb7ed182d33461a9590d1
SHA256

1e8c19abb2567cad80e89a87582b68c226673d68cd90f6acef6b8f734e7470d6
SHA512

b156fe3cd4c9caf9d73813974e54a26ee97f7719bb724b00ef525e1469327e052ee9c1900bebaee92d7fefa2f03b34bc98b603fa1396d66ab885a1a66ee30b7c
SSDEEP

768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPB:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd2

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  d985d5b5d24b6e77ac4c6237ef822df4_JaffaCakes118
- Size
  
  59KB
- MD5
  
  d985d5b5d24b6e77ac4c6237ef822df4
- SHA1
  
  422a9fe117e6094d2ebdb7ed182d33461a9590d1
- SHA256
  
  1e8c19abb2567cad80e89a87582b68c226673d68cd90f6acef6b8f734e7470d6
- SHA512
  
  b156fe3cd4c9caf9d73813974e54a26ee97f7719bb724b00ef525e1469327e052ee9c1900bebaee92d7fefa2f03b34bc98b603fa1396d66ab885a1a66ee30b7c
- SSDEEP
  
  768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPB:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd2
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2