urelas | f202f3af4ca77f6ec5e5290bc5f7fde6d405306d02d5da3c81fbb404a63fafa0 | Triage

Sharing

General

Target

184b9df49ce837a56d6d893cc1714794_JaffaCakes118
Size

403KB
Sample

240628-bwgrxstdnf
MD5

184b9df49ce837a56d6d893cc1714794
SHA1

bca34692e07e2bb2a701eb702775fff90a061dee
SHA256

f202f3af4ca77f6ec5e5290bc5f7fde6d405306d02d5da3c81fbb404a63fafa0
SHA512

9fc76367b92fc1b3e577b7669a22cc5dc153c7721bfefb93e9bf12408907375a158343091bf0d584231de44969fea3f0d1e609b040924e97b44e3b14c9cefdfe
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBroh3:8IfBoDWoyFblU6hAJQnO9

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  184b9df49ce837a56d6d893cc1714794_JaffaCakes118
- Size
  
  403KB
- MD5
  
  184b9df49ce837a56d6d893cc1714794
- SHA1
  
  bca34692e07e2bb2a701eb702775fff90a061dee
- SHA256
  
  f202f3af4ca77f6ec5e5290bc5f7fde6d405306d02d5da3c81fbb404a63fafa0
- SHA512
  
  9fc76367b92fc1b3e577b7669a22cc5dc153c7721bfefb93e9bf12408907375a158343091bf0d584231de44969fea3f0d1e609b040924e97b44e3b14c9cefdfe
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBroh3:8IfBoDWoyFblU6hAJQnO9
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2