urelas | 27d38530b4521e2d63250fbdb0a7eba4c2f745e70fe5184b88595c0e742576a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

68ec8b53a6cff08531aaa9c77fe2e31d_JaffaCakes118
Size

59KB
Sample

241022-e662cazcrj
MD5

68ec8b53a6cff08531aaa9c77fe2e31d
SHA1

a006af85391817f0bc7089cd006c70d9d637e8ac
SHA256

27d38530b4521e2d63250fbdb0a7eba4c2f745e70fe5184b88595c0e742576a0
SHA512

96037a73b079da49d8faac89eaba65ab2add9bc65d5f69872f81a18396088e157bf5627bfcaeef49dc54b12f22e779805505ca45bdcad2802bef5c7377919d8d
SSDEEP

768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPa:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd9

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  68ec8b53a6cff08531aaa9c77fe2e31d_JaffaCakes118
- Size
  
  59KB
- MD5
  
  68ec8b53a6cff08531aaa9c77fe2e31d
- SHA1
  
  a006af85391817f0bc7089cd006c70d9d637e8ac
- SHA256
  
  27d38530b4521e2d63250fbdb0a7eba4c2f745e70fe5184b88595c0e742576a0
- SHA512
  
  96037a73b079da49d8faac89eaba65ab2add9bc65d5f69872f81a18396088e157bf5627bfcaeef49dc54b12f22e779805505ca45bdcad2802bef5c7377919d8d
- SSDEEP
  
  768:n5mhew0GpSyMe6hwUkdwJzh+qciaQRENEzxZbARtR06g2wqp4YPeznellmqGwxPa:nK0GjMeQG3iaQREuVZ6ro29p4YxbKd9
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan