urelas | 7bb4cd6c4d3069246daa48e8e1934a0880f1949e10289bc3401dd7efeb0b9b93 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2306a912b257fea8e57f0b539c231c1_JaffaCakes118
Size

264KB
Sample

240415-3pqj2add71
MD5

f2306a912b257fea8e57f0b539c231c1
SHA1

638ed5accc90b0a5b6897fefa6fd81220938ce68
SHA256

7bb4cd6c4d3069246daa48e8e1934a0880f1949e10289bc3401dd7efeb0b9b93
SHA512

bbd4f39205eb9d69cf13ab2f3ea6a8ec030fab9d5f30a27a104d98bcfdcebafd844fca89d32907b3d4fbb67720f16164d0ece471e3004f3684aee1e44ff4fcc8
SSDEEP

3072:AUApueDWSppTaeskDEjUrqfkZ557YzAL9gFoI3X3fZE5UANa3:ASeyGpTaesaQUufkL57YsL9NIx9ANa3

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  f2306a912b257fea8e57f0b539c231c1_JaffaCakes118
- Size
  
  264KB
- MD5
  
  f2306a912b257fea8e57f0b539c231c1
- SHA1
  
  638ed5accc90b0a5b6897fefa6fd81220938ce68
- SHA256
  
  7bb4cd6c4d3069246daa48e8e1934a0880f1949e10289bc3401dd7efeb0b9b93
- SHA512
  
  bbd4f39205eb9d69cf13ab2f3ea6a8ec030fab9d5f30a27a104d98bcfdcebafd844fca89d32907b3d4fbb67720f16164d0ece471e3004f3684aee1e44ff4fcc8
- SSDEEP
  
  3072:AUApueDWSppTaeskDEjUrqfkZ557YzAL9gFoI3X3fZE5UANa3:ASeyGpTaesaQUufkL57YsL9NIx9ANa3
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2