urelas | 7d8555bd5b2901dbabbf967f36c6e3e08456836efc7ce91ae48eb75dc23ab0d9 | Triage

Sharing

General

Target

8e3ea403df9de189ae02117cd58bde38_JaffaCakes118
Size

108KB
Sample

241104-aq69ysydne
MD5

8e3ea403df9de189ae02117cd58bde38
SHA1

d80f2b2e5afa45505e72a9717462f38e989a966f
SHA256

7d8555bd5b2901dbabbf967f36c6e3e08456836efc7ce91ae48eb75dc23ab0d9
SHA512

83cca9358360383acf50b0477c1735a34e24ac2cfcea9df3fcb6c8d8f85f9d3880afd4b3d0fa4e1f1b8d789ef09fb1fad2d4e5b5be4882ea2f52d3ccc673fd53
SSDEEP

1536:3JoHHwAnTtIBcNCk+syhonfC3GNKcK7+sWjcd8sWL64TGFjb:4tCc+/h0fmSid81L64TGVb

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  8e3ea403df9de189ae02117cd58bde38_JaffaCakes118
- Size
  
  108KB
- MD5
  
  8e3ea403df9de189ae02117cd58bde38
- SHA1
  
  d80f2b2e5afa45505e72a9717462f38e989a966f
- SHA256
  
  7d8555bd5b2901dbabbf967f36c6e3e08456836efc7ce91ae48eb75dc23ab0d9
- SHA512
  
  83cca9358360383acf50b0477c1735a34e24ac2cfcea9df3fcb6c8d8f85f9d3880afd4b3d0fa4e1f1b8d789ef09fb1fad2d4e5b5be4882ea2f52d3ccc673fd53
- SSDEEP
  
  1536:3JoHHwAnTtIBcNCk+syhonfC3GNKcK7+sWjcd8sWL64TGFjb:4tCc+/h0fmSid81L64TGVb
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan