urelas | 7633631448a0d8d0733ace29234415c6a69a31fa63d4eec6701f6ceeaa017102 | Triage

Sharing

General

Target

f7848aea936387fc3fc8cf0ace3f66d8_JaffaCakes118
Size

447KB
Sample

240418-h2kt4afg5s
MD5

f7848aea936387fc3fc8cf0ace3f66d8
SHA1

c7620273d190e5df317e1ac724c7231e2e440106
SHA256

7633631448a0d8d0733ace29234415c6a69a31fa63d4eec6701f6ceeaa017102
SHA512

cbe16c34a0e1557b54fb96b18a3d611a4c6436e912ce9dffb7e260136fd1026a592823c958b54bd62ea466f2e73369a89b1744c4f5a2759fa9fae3c0b6a20a18
SSDEEP

6144:CEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpdFp:CMpASIcWYx2U6hAJQne

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  f7848aea936387fc3fc8cf0ace3f66d8_JaffaCakes118
- Size
  
  447KB
- MD5
  
  f7848aea936387fc3fc8cf0ace3f66d8
- SHA1
  
  c7620273d190e5df317e1ac724c7231e2e440106
- SHA256
  
  7633631448a0d8d0733ace29234415c6a69a31fa63d4eec6701f6ceeaa017102
- SHA512
  
  cbe16c34a0e1557b54fb96b18a3d611a4c6436e912ce9dffb7e260136fd1026a592823c958b54bd62ea466f2e73369a89b1744c4f5a2759fa9fae3c0b6a20a18
- SSDEEP
  
  6144:CEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpdFp:CMpASIcWYx2U6hAJQne
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2