urelas | 9e1e44956366243b749a4643be79ef8af2abd70dc9317d460f05d8d925aab203 | Triage

Sharing

General

Target

39124db345aa89edeb9b8758c25b8fc8_JaffaCakes118
Size

59KB
Sample

240711-pe3vqawbml
MD5

39124db345aa89edeb9b8758c25b8fc8
SHA1

c696a0e3074e1cfa88296a7c2044a2bc129aefe6
SHA256

9e1e44956366243b749a4643be79ef8af2abd70dc9317d460f05d8d925aab203
SHA512

9fc7a796539d052a8b125f3e5535f99d143cff1459526a9b97673c2912d50152776b339c9e949cdade1f458bee28c43d2c78595ddffe69b1d2e9c61c2f272865
SSDEEP

768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPd:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd6

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  39124db345aa89edeb9b8758c25b8fc8_JaffaCakes118
- Size
  
  59KB
- MD5
  
  39124db345aa89edeb9b8758c25b8fc8
- SHA1
  
  c696a0e3074e1cfa88296a7c2044a2bc129aefe6
- SHA256
  
  9e1e44956366243b749a4643be79ef8af2abd70dc9317d460f05d8d925aab203
- SHA512
  
  9fc7a796539d052a8b125f3e5535f99d143cff1459526a9b97673c2912d50152776b339c9e949cdade1f458bee28c43d2c78595ddffe69b1d2e9c61c2f272865
- SSDEEP
  
  768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPd:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd6
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2