urelas | b2381c978e4ce6f6a73bac053e795640f8dab725fde79f3c2a4f0236adf8e919 | Triage

Sharing

General

Target

1f7a7f5d6688cd18177ead9609899aec_JaffaCakes118
Size

108KB
Sample

240702-qvphpsyejq
MD5

1f7a7f5d6688cd18177ead9609899aec
SHA1

2028d847783388c8f5a5bdb6b8aa9b5ae76df65d
SHA256

b2381c978e4ce6f6a73bac053e795640f8dab725fde79f3c2a4f0236adf8e919
SHA512

509ec9330d5ecf667393ac2d34fe97d4d4855d45b42e357c12c37f78bdf54ba7a673da12a35197c93b155fea0adbbd4e2c2f12164033b8a6f6564bb78264c49e
SSDEEP

1536:3JoHHwAnTtIBcNCk+syhonfC3GNKcK7+sWjcd8sWL64TGFjj:4tCc+/h0fmSid81L64TGVj

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  1f7a7f5d6688cd18177ead9609899aec_JaffaCakes118
- Size
  
  108KB
- MD5
  
  1f7a7f5d6688cd18177ead9609899aec
- SHA1
  
  2028d847783388c8f5a5bdb6b8aa9b5ae76df65d
- SHA256
  
  b2381c978e4ce6f6a73bac053e795640f8dab725fde79f3c2a4f0236adf8e919
- SHA512
  
  509ec9330d5ecf667393ac2d34fe97d4d4855d45b42e357c12c37f78bdf54ba7a673da12a35197c93b155fea0adbbd4e2c2f12164033b8a6f6564bb78264c49e
- SSDEEP
  
  1536:3JoHHwAnTtIBcNCk+syhonfC3GNKcK7+sWjcd8sWL64TGFjj:4tCc+/h0fmSid81L64TGVj
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2