urelas | e405375bce9a6dd921531f4b69303ab2f934d4bd31b1739062501da5cce96901 | Triage

Sharing

General

Target

7918f09103a1c2639f4981960d9de8cd_JaffaCakes118
Size

403KB
Sample

240727-wvmxrsscmj
MD5

7918f09103a1c2639f4981960d9de8cd
SHA1

b037ed5c1d59c0f2b4bd80a1edda3d04aea5dd29
SHA256

e405375bce9a6dd921531f4b69303ab2f934d4bd31b1739062501da5cce96901
SHA512

f4ed48de2302d9254cefc1d259ba6d29edfe79139bd865af8fd10a03953bf721badebda9243c7aa88e55d0fb4762ede7137179de52b04859e099fd9c2179fb48
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohT:8IfBoDWoyFblU6hAJQnOd

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  7918f09103a1c2639f4981960d9de8cd_JaffaCakes118
- Size
  
  403KB
- MD5
  
  7918f09103a1c2639f4981960d9de8cd
- SHA1
  
  b037ed5c1d59c0f2b4bd80a1edda3d04aea5dd29
- SHA256
  
  e405375bce9a6dd921531f4b69303ab2f934d4bd31b1739062501da5cce96901
- SHA512
  
  f4ed48de2302d9254cefc1d259ba6d29edfe79139bd865af8fd10a03953bf721badebda9243c7aa88e55d0fb4762ede7137179de52b04859e099fd9c2179fb48
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohT:8IfBoDWoyFblU6hAJQnOd
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan