urelas | adbed124faeae69e6e0355bea43ee6531f390524eb7759140e5843e580f41fd6 | Triage

Sharing

General

Target

7fe3d3e31683778477219e67511be5c9_JaffaCakes118
Size

403KB
Sample

240801-kv26xawhnf
MD5

7fe3d3e31683778477219e67511be5c9
SHA1

b5d8bbb1d4572db9116e3495d37c6cd87368e8ab
SHA256

adbed124faeae69e6e0355bea43ee6531f390524eb7759140e5843e580f41fd6
SHA512

defc00b3b23db8ec2867aad0ded035e0ba4e859bd464bc02283ae5594c5e7bdc10516e5844270aeed900f72d4e9dcd21feae6eee4b8fd6e841bf5e41378bc221
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBroh+:8IfBoDWoyFblU6hAJQnOc

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  7fe3d3e31683778477219e67511be5c9_JaffaCakes118
- Size
  
  403KB
- MD5
  
  7fe3d3e31683778477219e67511be5c9
- SHA1
  
  b5d8bbb1d4572db9116e3495d37c6cd87368e8ab
- SHA256
  
  adbed124faeae69e6e0355bea43ee6531f390524eb7759140e5843e580f41fd6
- SHA512
  
  defc00b3b23db8ec2867aad0ded035e0ba4e859bd464bc02283ae5594c5e7bdc10516e5844270aeed900f72d4e9dcd21feae6eee4b8fd6e841bf5e41378bc221
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBroh+:8IfBoDWoyFblU6hAJQnOc
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan