urelas | 6012b35fc58f6154d0ecc00c1e56db0aba850cb6ddef2679c1763fc20fc6b289 | Triage

Sharing

General

Target

7aadedf28a0c97b73a5660070007e6ee_JaffaCakes118
Size

446KB
Sample

241028-y2pq2swfqn
MD5

7aadedf28a0c97b73a5660070007e6ee
SHA1

13fe0ec7a22dd98971f1956cb0c561e57a9e53e1
SHA256

6012b35fc58f6154d0ecc00c1e56db0aba850cb6ddef2679c1763fc20fc6b289
SHA512

6e521042f13307817200b638ee0d108e63fc8fa7326f5cb22acdf4bcb0bb5ed368898759713a0f94f6fbeaf25f3d2df3d37abaada0176b2b539d54e4da880275
SSDEEP

6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpo0:PMpASIcWYx2U6hAJQn4

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  7aadedf28a0c97b73a5660070007e6ee_JaffaCakes118
- Size
  
  446KB
- MD5
  
  7aadedf28a0c97b73a5660070007e6ee
- SHA1
  
  13fe0ec7a22dd98971f1956cb0c561e57a9e53e1
- SHA256
  
  6012b35fc58f6154d0ecc00c1e56db0aba850cb6ddef2679c1763fc20fc6b289
- SHA512
  
  6e521042f13307817200b638ee0d108e63fc8fa7326f5cb22acdf4bcb0bb5ed368898759713a0f94f6fbeaf25f3d2df3d37abaada0176b2b539d54e4da880275
- SSDEEP
  
  6144:PEK25f5ySIcWLsxIIW4DYM6SB6v+qLnAzYmhwrxcvkzmSOpo0:PMpASIcWYx2U6hAJQn4
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan