General

  • Target

    4e7e69f4150256f297bb06ffda5fb540_JaffaCakes118

  • Size

    468KB

  • Sample

    241016-xnvjpswfmb

  • MD5

    4e7e69f4150256f297bb06ffda5fb540

  • SHA1

    79e570d8f3e432bc979967f86b40d350869eb307

  • SHA256

    020e5dc7846dcced9e75f6fc7de7a4492573a95b5f12d264b2dd25cd482870ed

  • SHA512

    c1df58e220369a2430788a7301b5bea072dd5e02edcbcd9778f56b30002fdb50494348924a5dd157f406f1bba6ceb192abfece9938222d63816aa6dcf02ed8b9

  • SSDEEP

    12288:m6twjLHj/8/GcHUIdPPzEmvTnabAh0ZnAr1UFV:m6tQCG0UUPzEkTn4AC1+s

Malware Config

  • Extracted

    Family

    urelas

    C2

    1.234.83.146

    133.242.129.155

    218.54.31.226

    218.54.30.235

Targets

    • Target

      4e7e69f4150256f297bb06ffda5fb540_JaffaCakes118

    • Size

      468KB

    • MD5

      4e7e69f4150256f297bb06ffda5fb540

    • SHA1

      79e570d8f3e432bc979967f86b40d350869eb307

    • SHA256

      020e5dc7846dcced9e75f6fc7de7a4492573a95b5f12d264b2dd25cd482870ed

    • SHA512

      c1df58e220369a2430788a7301b5bea072dd5e02edcbcd9778f56b30002fdb50494348924a5dd157f406f1bba6ceb192abfece9938222d63816aa6dcf02ed8b9

    • SSDEEP

      12288:m6twjLHj/8/GcHUIdPPzEmvTnabAh0ZnAr1UFV:m6tQCG0UUPzEkTn4AC1+s

    • Urelas

      Urelas is a trojan targeting card games.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15