urelas | 568f1d7c0db4ad571761dd031f9bc579d1c38a1dc0b06acfb6376e44d2770a36 | Triage

Sharing

General

Target

0502da103e8570ee1d53804fd17d1b87_JaffaCakes118
Size

199KB
Sample

240623-dlw5zaxeqf
MD5

0502da103e8570ee1d53804fd17d1b87
SHA1

177c635964faeb30670e7a6e2e65494068049204
SHA256

568f1d7c0db4ad571761dd031f9bc579d1c38a1dc0b06acfb6376e44d2770a36
SHA512

b0b67b82a256320ed4bd9fb3c25b28ad69718a1575af010afff17ab42d63f708dcd1cc96b867ef1d0b9261d154ed755a498fbce2aeb2ff13739bbc389ce869e3
SSDEEP

3072:gAwixCZ6Sh77R2Gpf606U8v0e7OIgPDFIbbzhPM67fIhAu:gExhk7rh7NEOIYWlPM6r6X

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  0502da103e8570ee1d53804fd17d1b87_JaffaCakes118
- Size
  
  199KB
- MD5
  
  0502da103e8570ee1d53804fd17d1b87
- SHA1
  
  177c635964faeb30670e7a6e2e65494068049204
- SHA256
  
  568f1d7c0db4ad571761dd031f9bc579d1c38a1dc0b06acfb6376e44d2770a36
- SHA512
  
  b0b67b82a256320ed4bd9fb3c25b28ad69718a1575af010afff17ab42d63f708dcd1cc96b867ef1d0b9261d154ed755a498fbce2aeb2ff13739bbc389ce869e3
- SSDEEP
  
  3072:gAwixCZ6Sh77R2Gpf606U8v0e7OIgPDFIbbzhPM67fIhAu:gExhk7rh7NEOIYWlPM6r6X
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2