urelas | daf0fe36bfea5f2d9e8c6906dc06c7ace4ab5d353837650ccd0d935d7f05d635 | Triage

Sharing

General

Target

554e6956bfe6a57330badfb8f2037b2f_JaffaCakes118
Size

59KB
Sample

240717-3p99favfkq
MD5

554e6956bfe6a57330badfb8f2037b2f
SHA1

ecd22aae12108ff873322d44806f53e2b871a730
SHA256

daf0fe36bfea5f2d9e8c6906dc06c7ace4ab5d353837650ccd0d935d7f05d635
SHA512

99b7209b65425824ca60a6e80e8eb05d0c5f84fc81c9fd994ab40523b4b58ae0eb176556563870faf6322de0e802fbfe3b53968324a06b9f2fb09d7ebd7dad5b
SSDEEP

768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPs:nK0GjMeQG3iaQREuVZ6ro29p4YxbKdou

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  554e6956bfe6a57330badfb8f2037b2f_JaffaCakes118
- Size
  
  59KB
- MD5
  
  554e6956bfe6a57330badfb8f2037b2f
- SHA1
  
  ecd22aae12108ff873322d44806f53e2b871a730
- SHA256
  
  daf0fe36bfea5f2d9e8c6906dc06c7ace4ab5d353837650ccd0d935d7f05d635
- SHA512
  
  99b7209b65425824ca60a6e80e8eb05d0c5f84fc81c9fd994ab40523b4b58ae0eb176556563870faf6322de0e802fbfe3b53968324a06b9f2fb09d7ebd7dad5b
- SSDEEP
  
  768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPs:nK0GjMeQG3iaQREuVZ6ro29p4YxbKdou
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2