urelas | 6c55e6f97bf0bc0f747c41be0f4c24506565e70e4cd905bf6824045ddc8d09e5 | Triage

Sharing

General

Target

729e48bf2f40a750ff41f67fa56b550b_JaffaCakes118
Size

50KB
Sample

240726-e872eswhrm
MD5

729e48bf2f40a750ff41f67fa56b550b
SHA1

c6756ad59ea442216b3e66309454588e56a42531
SHA256

6c55e6f97bf0bc0f747c41be0f4c24506565e70e4cd905bf6824045ddc8d09e5
SHA512

1ac108c6c98e1130c9811032b5d5bd485c3ca096470ce49ea5014fd3d0643be8855ad6c304a093e2845ac1ab9424e8d5f1eb3e964bfa4ecf9144a1e5ebcafb6f
SSDEEP

1536:834/PC7Ruz3hRXRASULZ6JKYdbzcmhCZnb:It7R8fU6n8b

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  729e48bf2f40a750ff41f67fa56b550b_JaffaCakes118
- Size
  
  50KB
- MD5
  
  729e48bf2f40a750ff41f67fa56b550b
- SHA1
  
  c6756ad59ea442216b3e66309454588e56a42531
- SHA256
  
  6c55e6f97bf0bc0f747c41be0f4c24506565e70e4cd905bf6824045ddc8d09e5
- SHA512
  
  1ac108c6c98e1130c9811032b5d5bd485c3ca096470ce49ea5014fd3d0643be8855ad6c304a093e2845ac1ab9424e8d5f1eb3e964bfa4ecf9144a1e5ebcafb6f
- SSDEEP
  
  1536:834/PC7Ruz3hRXRASULZ6JKYdbzcmhCZnb:It7R8fU6n8b
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan