urelas | 577346c68b2c6aae31ccc7ff0c8f325d5579ebc35c257996b69e3cb009eab0a4 | Triage

Sharing

General

Target

846296e641ca832b0fcb1d9e127968a8_JaffaCakes118
Size

510KB
Sample

241101-mxqa8s1pdn
MD5

846296e641ca832b0fcb1d9e127968a8
SHA1

cb914f7418641a1f5226ec7bc46c066e54c69ec3
SHA256

577346c68b2c6aae31ccc7ff0c8f325d5579ebc35c257996b69e3cb009eab0a4
SHA512

f3852c8b032681aff93c00f869e69b5667a0caf768323aff0b92fb7449783022343c3eb627ccbea560cf0ad356fc51a1775dd7ceb19a0f2672417fc9e09028b3
SSDEEP

12288:j/fCEOMsm8nc3qWQ8wqKhb43nLl5tDrXlFu:j/D0caF8wvhb43pDbu

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

218.54.31.165

Targets

- Target
  
  846296e641ca832b0fcb1d9e127968a8_JaffaCakes118
- Size
  
  510KB
- MD5
  
  846296e641ca832b0fcb1d9e127968a8
- SHA1
  
  cb914f7418641a1f5226ec7bc46c066e54c69ec3
- SHA256
  
  577346c68b2c6aae31ccc7ff0c8f325d5579ebc35c257996b69e3cb009eab0a4
- SHA512
  
  f3852c8b032681aff93c00f869e69b5667a0caf768323aff0b92fb7449783022343c3eb627ccbea560cf0ad356fc51a1775dd7ceb19a0f2672417fc9e09028b3
- SSDEEP
  
  12288:j/fCEOMsm8nc3qWQ8wqKhb43nLl5tDrXlFu:j/D0caF8wvhb43pDbu
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan