General

  • Target

    32ca1b7aa8ce30caf896b5517a40c912_JaffaCakes118

  • Size

    322KB

  • Sample

    241011-cbemhavbmj

  • MD5

    32ca1b7aa8ce30caf896b5517a40c912

  • SHA1

    2c75a5f099a8418e3525d7e034783deddd1499ab

  • SHA256

    5c933f953f22be853de3a792afed1fc65eaa3ce8dba347c442a21a52e9a29135

  • SHA512

    a88da2de46c9555ae260c082c20e2da275799f99839c1b9b2f09279086429b5e5a4c338fa5563b7276e7afd1920ed43b5d10f5519d53fb54f19990b0bafdb6fb

  • SSDEEP

    6144:bNEo/rmV71+I8ZD/h/vFfhxxQO4B4tqv+Hq/On1NHwBzQ4bed76a3FoSx+:bNEo/6YnZVB1rkAqcNAzQCed7J1oSY

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165
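The indicators above are only useful once they are matched against something. The following is an added example, not part of the sandbox output: it loads the hashes and C2 addresses copied from this report, digests files in one streamed pass, and scans log lines for the listed C2 addresses. The directory walk is an assumed layout and the firewall log lines are constructed for the demo. Note that the C2 addresses reflect the configuration extracted at analysis time and may since have been reassigned, so a hit is a triage lead rather than proof of infection.

```python
"""IOC sweep for the Urelas sample described in this report.

Added example, not part of the sandbox output. The indicator values are
copied from the report; the directory walk is an assumed layout and the
log lines are constructed input.
"""
import hashlib
import os
import re

# File hashes listed in the report (General / Targets).
HASH_IOCS = {
    "md5": "32ca1b7aa8ce30caf896b5517a40c912",
    "sha1": "2c75a5f099a8418e3525d7e034783deddd1499ab",
    "sha256": "5c933f953f22be853de3a792afed1fc65eaa3ce8dba347c442a21a52e9a29135",
    "sha512": "a88da2de46c9555ae260c082c20e2da275799f99839c1b9b2f09279086429b5e"
              "5a4c338fa5563b7276e7afd1920ed43b5d10f5519d53fb54f19990b0bafdb6fb",
}
# C2 addresses from the extracted configuration.
C2_IOCS = {"1.234.83.146", "133.242.129.155", "218.54.31.226", "218.54.31.165"}


def _digest(chunks) -> dict:
    """Feed every chunk to all four hashers so the input is read once."""
    hashers = {name: hashlib.new(name) for name in HASH_IOCS}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    return _digest([data])


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Streamed variant so large files are not loaded whole."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk), b""))


def match_digests(digests: dict) -> list:
    """Names of the algorithms whose value equals the report's IOC."""
    return sorted(n for n, v in digests.items() if v.lower() == HASH_IOCS[n])


def sweep_directory(root: str) -> dict:
    """Map each file under root whose digest matches an IOC to the matching algorithms."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                matched = match_digests(digest_file(path))
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if matched:
                hits[path] = matched
    return hits


# Dotted quad that is not embedded in a longer number or address.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def c2_hits(log_lines) -> list:
    """(ip, line) pairs for every line that mentions a listed C2 address."""
    hits = []
    for line in log_lines:
        for ip in IPV4.findall(line):
            if ip in C2_IOCS:
                hits.append((ip, line.rstrip()))
    return hits


# Constructed firewall log lines for the demo (not from the sandbox run).
SAMPLE_LOG = [
    "2024-10-11T09:14:02Z fw allow src=10.0.0.15:49213 dst=1.234.83.146:80 proto=tcp",
    "2024-10-11T09:14:05Z fw allow src=10.0.0.15:49214 dst=93.184.216.34:443 proto=tcp",
    "2024-10-11T09:14:09Z fw deny  src=10.0.0.22:51002 dst=218.54.31.165:80 proto=tcp",
]

if __name__ == "__main__":
    for ip, line in c2_hits(SAMPLE_LOG):
        print(f"C2 contact {ip}: {line}")
    # Hypothetical quarantine folder; adjust to the host being swept.
    print(sweep_directory("./quarantine"))
```

The hash match is exact, so it catches only this build; the SSDEEP value in the report is what you would use for near-duplicate matching, which needs the ssdeep library and is not shown here.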

Targets

    • Target

      32ca1b7aa8ce30caf896b5517a40c912_JaffaCakes118

    • Size

      322KB

    • MD5

      32ca1b7aa8ce30caf896b5517a40c912

    • SHA1

      2c75a5f099a8418e3525d7e034783deddd1499ab

    • SHA256

      5c933f953f22be853de3a792afed1fc65eaa3ce8dba347c442a21a52e9a29135

    • SHA512

      a88da2de46c9555ae260c082c20e2da275799f99839c1b9b2f09279086429b5e5a4c338fa5563b7276e7afd1920ed43b5d10f5519d53fb54f19990b0bafdb6fb

    • SSDEEP

      6144:bNEo/rmV71+I8ZD/h/vFfhxxQO4B4tqv+Hq/On1NHwBzQ4bed76a3FoSx+:bNEo/6YnZVB1rkAqcNAzQCed7J1oSY

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check before running the payload.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.
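The UPX signature above fires on section names, which a modified UPX build renames. The following is an added example, not the sandbox's own detector: it walks the PE section table by hand (no pefile dependency) and reports two indicators, the well-known UPX section names and the layout that survives renaming, namely a first section with no raw bytes but a large virtual size that the stub unpacks into at run time. The `build_pe` helper constructs minimal in-memory PE images for the demo; they are an assumed layout, not the sample itself.

```python
"""Section-table heuristics for UPX-style packing.

Added example, not the sandbox's own detector. It walks the PE section
table directly so it runs without pefile; build_pe() constructs a minimal
in-memory PE image for the demo (assumed layout, not the real sample).
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def pe_sections(data: bytes) -> list:
    """Return (name, virtual_size, raw_size) for each section header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rawsize, *_ = struct.unpack_from(SECTION_FMT, data, off)
        sections.append((name.rstrip(b"\0"), vsize, rawsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """Human-readable reasons the image looks UPX-packed (empty if none)."""
    sections = pe_sections(data)
    reasons = []
    for name, _vsize, _raw in sections:
        if name in UPX_SECTION_NAMES:
            reasons.append(f"section named {name.decode('ascii', 'replace')}")
    # Modified UPX builds rename sections, but the layout survives: the first
    # section is an empty reservation (no raw bytes, large virtual size) that
    # the decompression stub fills at run time.
    if sections:
        name, vsize, rawsize = sections[0]
        if rawsize == 0 and vsize > 0:
            reasons.append(f"first section {name!r} has no raw data but 0x{vsize:x} virtual bytes")
    return reasons


def looks_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))


def build_pe(sections) -> bytes:
    """Construct a minimal PE image: MZ stub, PE signature, COFF header with
    no optional header, then one section header per (name, vsize, rawsize)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    table = b""
    for name, vsize, rawsize in sections:
        table += struct.pack(SECTION_FMT, name.ljust(8, b"\0"),
                             vsize, 0, rawsize, 0, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + table


# Constructed layouts: a stock UPX image, a section-renamed one, and a plain build.
UPX_IMAGE = build_pe([(b"UPX0", 0x10000, 0), (b"UPX1", 0x8000, 0x7E00), (b".rsrc", 0x1000, 0x800)])
RENAMED_IMAGE = build_pe([(b".text", 0x10000, 0), (b".data", 0x8000, 0x7E00)])
PLAIN_IMAGE = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_IMAGE), ("renamed", RENAMED_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, upx_indicators(img))
```

Both indicators are triage signals, not verdicts: the name check is trivially evaded, and the empty-first-section check also fires on legitimate images whose first section is uninitialised data. Confirming the packer still means unpacking (UPX's own `upx -d` for stock builds, a debugger at the tail jump for modified ones) and re-hashing the result.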

MITRE ATT&CK Enterprise v15