urelas | ca1d85c1a83a956614124e70ed5f41490e596978d42758552d43e0c66e024fd8 | Triage

Sharing

General

Target

42d117f8cd79e5bdc3da86d0efc1f33b_JaffaCakes118
Size

187KB
Sample

240713-wztwwasamr
MD5

42d117f8cd79e5bdc3da86d0efc1f33b
SHA1

d2e6cd78658e621680621a617dbaad39a523f358
SHA256

ca1d85c1a83a956614124e70ed5f41490e596978d42758552d43e0c66e024fd8
SHA512

f8ea4631c76c5c8816a332dd7f287cec95001e6abad85a202d2f6ca117977f01531efbb4a759f866646af908adfecad33e4aca7446b0dd91f8a8a4d88d30cac8
SSDEEP

3072:u3mvqCDm+W03RB5eUp6UlD/mUKissApfA6y4YHFadL:2mvqeP33AYFIN9treHyL

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  42d117f8cd79e5bdc3da86d0efc1f33b_JaffaCakes118
- Size
  
  187KB
- MD5
  
  42d117f8cd79e5bdc3da86d0efc1f33b
- SHA1
  
  d2e6cd78658e621680621a617dbaad39a523f358
- SHA256
  
  ca1d85c1a83a956614124e70ed5f41490e596978d42758552d43e0c66e024fd8
- SHA512
  
  f8ea4631c76c5c8816a332dd7f287cec95001e6abad85a202d2f6ca117977f01531efbb4a759f866646af908adfecad33e4aca7446b0dd91f8a8a4d88d30cac8
- SSDEEP
  
  3072:u3mvqCDm+W03RB5eUp6UlD/mUKissApfA6y4YHFadL:2mvqeP33AYFIN9treHyL
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2