urelas | accf7142aadfa962d7d9b6429c187f947d4dfb18b1efce16ffc7bfd3a783243b | Triage

Sharing

General

Target

c4d388d5c665a255bfca5e23cfd64c64_JaffaCakes118
Size

135KB
Sample

241204-3e7qkawqcx
MD5

c4d388d5c665a255bfca5e23cfd64c64
SHA1

ecea4051eb5b16bd2c9fd38bf63683b670036050
SHA256

accf7142aadfa962d7d9b6429c187f947d4dfb18b1efce16ffc7bfd3a783243b
SHA512

6bb24aafc815062039d7f4a80b2cd5237f07b511d35cb0bc0e5fcbb2e00233c1936fead32cf879b2a9f57d42795dbfb8d1cfaf9a20a00943af1d26427a9b0372
SSDEEP

1536:P/oEkqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdf6odgR5APW:P/5kqCxiXEcO3XfGf2tMUf6odgR5AO

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  c4d388d5c665a255bfca5e23cfd64c64_JaffaCakes118
- Size
  
  135KB
- MD5
  
  c4d388d5c665a255bfca5e23cfd64c64
- SHA1
  
  ecea4051eb5b16bd2c9fd38bf63683b670036050
- SHA256
  
  accf7142aadfa962d7d9b6429c187f947d4dfb18b1efce16ffc7bfd3a783243b
- SHA512
  
  6bb24aafc815062039d7f4a80b2cd5237f07b511d35cb0bc0e5fcbb2e00233c1936fead32cf879b2a9f57d42795dbfb8d1cfaf9a20a00943af1d26427a9b0372
- SSDEEP
  
  1536:P/oEkqfCZ10zcT9Yh8AIXcjyz9cOXfiXGImcatMrsWjcdf6odgR5APW:P/5kqCxiXEcO3XfGf2tMUf6odgR5AO
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan