urelas | 3dcb3ef56082d0718849aa974698134a13d21a0f875688a4a8deb7fde7427007 | Triage

Sharing

General

Target

251a904b8e0f1e999df67f63d1a0b8a1_JaffaCakes118
Size

169KB
Sample

240704-h8cr3asfnf
MD5

251a904b8e0f1e999df67f63d1a0b8a1
SHA1

c32ac774e5758fb8fdd1f35dbb2b886ca244bece
SHA256

3dcb3ef56082d0718849aa974698134a13d21a0f875688a4a8deb7fde7427007
SHA512

d53af8a12f0360f4ca0806c38e5e8479272271ccbad3ff0086abf8fb89094c3b07a37d4c96d7c260840aed2c0c9e2d6412c3c784ec4404ec4a6c8c76daf91cd9
SSDEEP

1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTfF:eADA0Wc7UJ6LZMaHLW65DE8pxW9

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  251a904b8e0f1e999df67f63d1a0b8a1_JaffaCakes118
- Size
  
  169KB
- MD5
  
  251a904b8e0f1e999df67f63d1a0b8a1
- SHA1
  
  c32ac774e5758fb8fdd1f35dbb2b886ca244bece
- SHA256
  
  3dcb3ef56082d0718849aa974698134a13d21a0f875688a4a8deb7fde7427007
- SHA512
  
  d53af8a12f0360f4ca0806c38e5e8479272271ccbad3ff0086abf8fb89094c3b07a37d4c96d7c260840aed2c0c9e2d6412c3c784ec4404ec4a6c8c76daf91cd9
- SSDEEP
  
  1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTfF:eADA0Wc7UJ6LZMaHLW65DE8pxW9
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2