urelas | d6ea6a49c118506cfdcfa9a72f0b4e3e79afd6372df498010ae50476b17d598b | Triage

Sharing

General

Target

2e37d1a7cf8e2d5e5fbc93a3dd020016_JaffaCakes118
Size

109KB
Sample

240708-3gyknsxblg
MD5

2e37d1a7cf8e2d5e5fbc93a3dd020016
SHA1

e558d61d94acd2c8ba390392e14d83e764afd293
SHA256

d6ea6a49c118506cfdcfa9a72f0b4e3e79afd6372df498010ae50476b17d598b
SHA512

59fe5d15479a95f3d3cf233b10bcdd259facf77aa0ca166a9e3a6d99aed7970d55a49f50e8be6fae17f7739ad233f51f8237abaab92fe7639fdf023d07df361e
SSDEEP

1536:3JoHHwAnTtIBcNCk+syhonfC3GNKcK7+sWjcd8sWL64TGFjI91:4tCc+/h0fmSid81L64TGVI91

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  2e37d1a7cf8e2d5e5fbc93a3dd020016_JaffaCakes118
- Size
  
  109KB
- MD5
  
  2e37d1a7cf8e2d5e5fbc93a3dd020016
- SHA1
  
  e558d61d94acd2c8ba390392e14d83e764afd293
- SHA256
  
  d6ea6a49c118506cfdcfa9a72f0b4e3e79afd6372df498010ae50476b17d598b
- SHA512
  
  59fe5d15479a95f3d3cf233b10bcdd259facf77aa0ca166a9e3a6d99aed7970d55a49f50e8be6fae17f7739ad233f51f8237abaab92fe7639fdf023d07df361e
- SSDEEP
  
  1536:3JoHHwAnTtIBcNCk+syhonfC3GNKcK7+sWjcd8sWL64TGFjI91:4tCc+/h0fmSid81L64TGVI91
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2