urelas | 831b2344b83ede18fb942cce68d0172e90df32e0b9a5db1fd7212fd1da8a12b3 | Triage

Sharing

General

Target

09fc9e2d4ca78398803a4fde9d381ff0_JaffaCakes118
Size

403KB
Sample

240624-wj6whavfkc
MD5

09fc9e2d4ca78398803a4fde9d381ff0
SHA1

768a6e8b4df1e5ea26647e820012c5dfff4a99e2
SHA256

831b2344b83ede18fb942cce68d0172e90df32e0b9a5db1fd7212fd1da8a12b3
SHA512

787cd69cfa4c6b535fadb2f8947b9cfd23d0dae31e19948e4a5715a111772acdd4533aff92ef4d98633299f33e251dfea9cafc80be36d24bf6e50107418cd45d
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBroh1G:8IfBoDWoyFblU6hAJQnO6

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  09fc9e2d4ca78398803a4fde9d381ff0_JaffaCakes118
- Size
  
  403KB
- MD5
  
  09fc9e2d4ca78398803a4fde9d381ff0
- SHA1
  
  768a6e8b4df1e5ea26647e820012c5dfff4a99e2
- SHA256
  
  831b2344b83ede18fb942cce68d0172e90df32e0b9a5db1fd7212fd1da8a12b3
- SHA512
  
  787cd69cfa4c6b535fadb2f8947b9cfd23d0dae31e19948e4a5715a111772acdd4533aff92ef4d98633299f33e251dfea9cafc80be36d24bf6e50107418cd45d
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBroh1G:8IfBoDWoyFblU6hAJQnO6
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2