urelas | 21ecc1cfb8eb61af31c4d1a7778d076f38fe4d9210194d84eaae50f637230986 | Triage

Sharing

General

Target

615c29309d7c0af3a24efabc780d3179_JaffaCakes118
Size

782KB
Sample

241020-kr4kkazane
MD5

615c29309d7c0af3a24efabc780d3179
SHA1

ca7c99bced2b7a758925db42571e4b191a0f3a1d
SHA256

21ecc1cfb8eb61af31c4d1a7778d076f38fe4d9210194d84eaae50f637230986
SHA512

0cc0d03edd45795f763e3a08a80be90554c823e37d346eaac72a8b8e4e79ab39428b204ac228599b3e887471fd3da8a1895e8389b9eaf2ede49fe56d217acd2b
SSDEEP

12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c1E:YA4Ya1fQzPPSnPFqWtTJK9DIMTW8B

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  615c29309d7c0af3a24efabc780d3179_JaffaCakes118
- Size
  
  782KB
- MD5
  
  615c29309d7c0af3a24efabc780d3179
- SHA1
  
  ca7c99bced2b7a758925db42571e4b191a0f3a1d
- SHA256
  
  21ecc1cfb8eb61af31c4d1a7778d076f38fe4d9210194d84eaae50f637230986
- SHA512
  
  0cc0d03edd45795f763e3a08a80be90554c823e37d346eaac72a8b8e4e79ab39428b204ac228599b3e887471fd3da8a1895e8389b9eaf2ede49fe56d217acd2b
- SSDEEP
  
  12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c1E:YA4Ya1fQzPPSnPFqWtTJK9DIMTW8B
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan