urelas | 75e264555607c1d2f33b83af419e3ca60cad91434fcd388dcb0793d6108dd4b8 | Triage

Sharing

General

Target

daf95dbded8a9a4ebeb1f399dcc86e5e_JaffaCakes118
Size

447KB
Sample

240911-w5zz3swbkp
MD5

daf95dbded8a9a4ebeb1f399dcc86e5e
SHA1

a9f93e0beb488ec4be361b3dae2dd8f10dbd47f8
SHA256

75e264555607c1d2f33b83af419e3ca60cad91434fcd388dcb0793d6108dd4b8
SHA512

1700eb638ed450a66ffa15896719ea39457e3a283761fe81fd58f15e81ffc123dd463103e0598ac2ca5bb7af670c0cf54ceca23d5c4c78fed3f44cde915fda4a
SSDEEP

6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpl:PMpASIcWYx2U6hAJQnS

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  daf95dbded8a9a4ebeb1f399dcc86e5e_JaffaCakes118
- Size
  
  447KB
- MD5
  
  daf95dbded8a9a4ebeb1f399dcc86e5e
- SHA1
  
  a9f93e0beb488ec4be361b3dae2dd8f10dbd47f8
- SHA256
  
  75e264555607c1d2f33b83af419e3ca60cad91434fcd388dcb0793d6108dd4b8
- SHA512
  
  1700eb638ed450a66ffa15896719ea39457e3a283761fe81fd58f15e81ffc123dd463103e0598ac2ca5bb7af670c0cf54ceca23d5c4c78fed3f44cde915fda4a
- SSDEEP
  
  6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpl:PMpASIcWYx2U6hAJQnS
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan