urelas | b20e2f2d32009917778603fda0a1d5a9ace58fa33fd967b4ce1a59804cd7dd8e | Triage

Sharing

General

Target

3d4c70e993504876e9c6e0fd3e5b0ef9_JaffaCakes118
Size

693KB
Sample

240712-n6wp2ssemj
MD5

3d4c70e993504876e9c6e0fd3e5b0ef9
SHA1

4a57df4c4c669116bdd02adba67b19c161a0849d
SHA256

b20e2f2d32009917778603fda0a1d5a9ace58fa33fd967b4ce1a59804cd7dd8e
SHA512

316c7a4be7f8cbdf18a190f28ac02904fc887b568c32c9e396a71fea12c39d75982615147cb28472124c34bb6109db4b4ecaf99528c94bd357f55fa18c090259
SSDEEP

12288:LUyI6hJQglQA0IWb8DmPySxEuBZDxywHBlP94jpguwDxXlZ1nrU:dVh6gl6Iy8R9+ZdnnP94jpgl9BnrU

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  3d4c70e993504876e9c6e0fd3e5b0ef9_JaffaCakes118
- Size
  
  693KB
- MD5
  
  3d4c70e993504876e9c6e0fd3e5b0ef9
- SHA1
  
  4a57df4c4c669116bdd02adba67b19c161a0849d
- SHA256
  
  b20e2f2d32009917778603fda0a1d5a9ace58fa33fd967b4ce1a59804cd7dd8e
- SHA512
  
  316c7a4be7f8cbdf18a190f28ac02904fc887b568c32c9e396a71fea12c39d75982615147cb28472124c34bb6109db4b4ecaf99528c94bd357f55fa18c090259
- SSDEEP
  
  12288:LUyI6hJQglQA0IWb8DmPySxEuBZDxywHBlP94jpguwDxXlZ1nrU:dVh6gl6Iy8R9+ZdnnP94jpgl9BnrU
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2