urelas | 2f61675e9ea414fbad8c9f174b0318acc0e968d31cfdbc8f69443ec234a9c495 | Triage

Sharing

General

Target

1ab50a64b28eb24c4ba25cce1e4a10b3_JaffaCakes118
Size

782KB
Sample

240701-k21lnasgmf
MD5

1ab50a64b28eb24c4ba25cce1e4a10b3
SHA1

97e6fc6e2d7a39c54b07ccb2b7398d73ba287eba
SHA256

2f61675e9ea414fbad8c9f174b0318acc0e968d31cfdbc8f69443ec234a9c495
SHA512

00702a4917dc61c3c9882b88380462326a6abf571081d52bf3ae0679e2adaed84d2906dc63507e87485360f001406fc692da3391851d2c4371b4020877865a49
SSDEEP

12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c10:YA4Ya1fQzPPSnPFqWtTJK9DIMTW8F

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  1ab50a64b28eb24c4ba25cce1e4a10b3_JaffaCakes118
- Size
  
  782KB
- MD5
  
  1ab50a64b28eb24c4ba25cce1e4a10b3
- SHA1
  
  97e6fc6e2d7a39c54b07ccb2b7398d73ba287eba
- SHA256
  
  2f61675e9ea414fbad8c9f174b0318acc0e968d31cfdbc8f69443ec234a9c495
- SHA512
  
  00702a4917dc61c3c9882b88380462326a6abf571081d52bf3ae0679e2adaed84d2906dc63507e87485360f001406fc692da3391851d2c4371b4020877865a49
- SSDEEP
  
  12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c10:YA4Ya1fQzPPSnPFqWtTJK9DIMTW8F
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2