urelas | ef77a39d6ff99251b4f691bc8c139543a27b093b6bd99133a5e9886e23dbc895 | Triage

Sharing

General

Target

400dd0eb97bb2194a8aa8ecf10704067_JaffaCakes118
Size

466KB
Sample

240713-d869fsthjr
MD5

400dd0eb97bb2194a8aa8ecf10704067
SHA1

2913b9259f24834ecbd714ebed50cc32ddfc5cf9
SHA256

ef77a39d6ff99251b4f691bc8c139543a27b093b6bd99133a5e9886e23dbc895
SHA512

0804adb7ddd5fad1b46033d03db07141fdd0f2151234fa306e6b04f534c2be18aae70fa0d7f18601c61fedeb27bfbea41c8f0a3f4672602efc1d923cbc2e475c
SSDEEP

12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6m8:jx9GzHlTv/b35tecFB69

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

Targets

- Target
  
  400dd0eb97bb2194a8aa8ecf10704067_JaffaCakes118
- Size
  
  466KB
- MD5
  
  400dd0eb97bb2194a8aa8ecf10704067
- SHA1
  
  2913b9259f24834ecbd714ebed50cc32ddfc5cf9
- SHA256
  
  ef77a39d6ff99251b4f691bc8c139543a27b093b6bd99133a5e9886e23dbc895
- SHA512
  
  0804adb7ddd5fad1b46033d03db07141fdd0f2151234fa306e6b04f534c2be18aae70fa0d7f18601c61fedeb27bfbea41c8f0a3f4672602efc1d923cbc2e475c
- SSDEEP
  
  12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6m8:jx9GzHlTv/b35tecFB69
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2