urelas | 073c4efd1518d42518c276fc6e4e8fa3cec6f8a6a6c8f6e6cbc2f9b3d964ca23 | Triage

Sharing

General

Target

18822e5419887f3c3905917295d7c742_JaffaCakes118
Size

208KB
Sample

240628-c9l48sxcla
MD5

18822e5419887f3c3905917295d7c742
SHA1

cbfd512f3a0166148f279a42f48e822b35f6cd6f
SHA256

073c4efd1518d42518c276fc6e4e8fa3cec6f8a6a6c8f6e6cbc2f9b3d964ca23
SHA512

db82e55bf951b8a6a166d4f3da722afe33d646058e5c988bc5afa304dc4efee52aedd06fea1ea611d453aba629cd1122ce9a40e9ede92d5745c7156225f002c2
SSDEEP

1536:1BucKHs7K2HEG7BpoWiZBYHs977q+7INVdU2Aneb61TVcz+3MJb6rcV+:PuchogM57bIL+eb61TVa+3MJb6Q+

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.209

112.175.88.207

Targets

- Target
  
  18822e5419887f3c3905917295d7c742_JaffaCakes118
- Size
  
  208KB
- MD5
  
  18822e5419887f3c3905917295d7c742
- SHA1
  
  cbfd512f3a0166148f279a42f48e822b35f6cd6f
- SHA256
  
  073c4efd1518d42518c276fc6e4e8fa3cec6f8a6a6c8f6e6cbc2f9b3d964ca23
- SHA512
  
  db82e55bf951b8a6a166d4f3da722afe33d646058e5c988bc5afa304dc4efee52aedd06fea1ea611d453aba629cd1122ce9a40e9ede92d5745c7156225f002c2
- SSDEEP
  
  1536:1BucKHs7K2HEG7BpoWiZBYHs977q+7INVdU2Aneb61TVcz+3MJb6rcV+:PuchogM57bIL+eb61TVa+3MJb6Q+
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2