urelas | ccc149df0be1f840160a1f49b9c4eb9144f70748d755132ad5bf9767f695b573 | Triage

Sharing

General

Target

29c2b584d0c949f6d6eb2378d7b5ed50_JaffaCakes118
Size

185KB
Sample

240707-f682davdkr
MD5

29c2b584d0c949f6d6eb2378d7b5ed50
SHA1

aecbb9b45cd5f575671bc00fad8ecdf6c1aed896
SHA256

ccc149df0be1f840160a1f49b9c4eb9144f70748d755132ad5bf9767f695b573
SHA512

0b34c2b14745b0880c666c12ea04fc818fbe0ae0c8b8e20ccda8c159773ad2524752e085917c2a8454e758941517e2b708e7602bbef237817aea7c01762d859a
SSDEEP

1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUgi:Thuk8QsH47nW5ppkoI4KEAUgi

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  29c2b584d0c949f6d6eb2378d7b5ed50_JaffaCakes118
- Size
  
  185KB
- MD5
  
  29c2b584d0c949f6d6eb2378d7b5ed50
- SHA1
  
  aecbb9b45cd5f575671bc00fad8ecdf6c1aed896
- SHA256
  
  ccc149df0be1f840160a1f49b9c4eb9144f70748d755132ad5bf9767f695b573
- SHA512
  
  0b34c2b14745b0880c666c12ea04fc818fbe0ae0c8b8e20ccda8c159773ad2524752e085917c2a8454e758941517e2b708e7602bbef237817aea7c01762d859a
- SSDEEP
  
  1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUgi:Thuk8QsH47nW5ppkoI4KEAUgi
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2