urelas | e156158712cede8be39850d649229f37be75bc43258dffa8b3c7f7879a280750 | Triage

Sharing

General

Target

15fdb2d27414e72354d2b61fb49f0466_JaffaCakes118
Size

782KB
Sample

240627-pkeebatcpm
MD5

15fdb2d27414e72354d2b61fb49f0466
SHA1

af2bf1ef3a845191c2aa4e153de17e7fa6d6d69f
SHA256

e156158712cede8be39850d649229f37be75bc43258dffa8b3c7f7879a280750
SHA512

f9d0dbc844a8650b18e9b2938cd3d0647db519ce0b09d1edba70c121f12229526da4d4ba0b560390bcc22403e31f1f9b502efbf5e8e9499fd7602639caf4ae17
SSDEEP

12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c1Yl:YA4Ya1fQzPPSnPFqWtTJK9DIMTW89

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  15fdb2d27414e72354d2b61fb49f0466_JaffaCakes118
- Size
  
  782KB
- MD5
  
  15fdb2d27414e72354d2b61fb49f0466
- SHA1
  
  af2bf1ef3a845191c2aa4e153de17e7fa6d6d69f
- SHA256
  
  e156158712cede8be39850d649229f37be75bc43258dffa8b3c7f7879a280750
- SHA512
  
  f9d0dbc844a8650b18e9b2938cd3d0647db519ce0b09d1edba70c121f12229526da4d4ba0b560390bcc22403e31f1f9b502efbf5e8e9499fd7602639caf4ae17
- SSDEEP
  
  12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c1Yl:YA4Ya1fQzPPSnPFqWtTJK9DIMTW89
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2