urelas | 83ab96f02c13fc5533b06cbc1302fd4a28aa3cda3dbb1e0c45f2b25e88e1302d | Triage

Sharing

General

Target

58d04b537ecb7ed4d86c74588fa3f067_JaffaCakes118
Size

404KB
Sample

240718-yjh6jswhld
MD5

58d04b537ecb7ed4d86c74588fa3f067
SHA1

7ce2fbb65d1aec35b41267a2b680e4943e38e5e4
SHA256

83ab96f02c13fc5533b06cbc1302fd4a28aa3cda3dbb1e0c45f2b25e88e1302d
SHA512

441f44dc7b23dc6585d97a9251ec576515f989265ad830219b1548a531cf1335789cffea17cd51282d459e30762c8ffdba2195493527feb62600cde3ce2c0e0b
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohT:8IfBoDWoyFblU6hAJQnOp

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  58d04b537ecb7ed4d86c74588fa3f067_JaffaCakes118
- Size
  
  404KB
- MD5
  
  58d04b537ecb7ed4d86c74588fa3f067
- SHA1
  
  7ce2fbb65d1aec35b41267a2b680e4943e38e5e4
- SHA256
  
  83ab96f02c13fc5533b06cbc1302fd4a28aa3cda3dbb1e0c45f2b25e88e1302d
- SHA512
  
  441f44dc7b23dc6585d97a9251ec576515f989265ad830219b1548a531cf1335789cffea17cd51282d459e30762c8ffdba2195493527feb62600cde3ce2c0e0b
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohT:8IfBoDWoyFblU6hAJQnOp
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2