urelas | 86fa5ba5cc108a5c82aa81e5ab15838bb9d0219c2aea0b66d55186ed15fe7bf3 | Triage

Sharing

General

Target

64c65eab2ffae4d28cf39aacfc529097_JaffaCakes118
Size

466KB
Sample

241021-ad88sayand
MD5

64c65eab2ffae4d28cf39aacfc529097
SHA1

d7e434a005c8dfbfbdbf9213a702174fd87146a2
SHA256

86fa5ba5cc108a5c82aa81e5ab15838bb9d0219c2aea0b66d55186ed15fe7bf3
SHA512

da63fa9b08b4a306c40ab95f9256f96722b4fef61b2114de92ff0aafc4559c06112f8da5e12c87f63a0192b255a54156672b1a51dc4aca0896448d78327a79f3
SSDEEP

12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6mB:jx9GzHlTv/b35tecFB6E

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

Targets

- Target
  
  64c65eab2ffae4d28cf39aacfc529097_JaffaCakes118
- Size
  
  466KB
- MD5
  
  64c65eab2ffae4d28cf39aacfc529097
- SHA1
  
  d7e434a005c8dfbfbdbf9213a702174fd87146a2
- SHA256
  
  86fa5ba5cc108a5c82aa81e5ab15838bb9d0219c2aea0b66d55186ed15fe7bf3
- SHA512
  
  da63fa9b08b4a306c40ab95f9256f96722b4fef61b2114de92ff0aafc4559c06112f8da5e12c87f63a0192b255a54156672b1a51dc4aca0896448d78327a79f3
- SSDEEP
  
  12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6mB:jx9GzHlTv/b35tecFB6E
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan