urelas | 4b977cf4a8537225d40489ef6b86464943d0c6e21bfacb1713022d0dcdae3f6f | Triage

Sharing

General

Target

c6112938a6260ef29476f72e3c472760_JaffaCakes118
Size

156KB
Sample

241205-fwl4vszphy
MD5

c6112938a6260ef29476f72e3c472760
SHA1

4fd2916d27c822c7b1104d32c53fc453eee2d2b6
SHA256

4b977cf4a8537225d40489ef6b86464943d0c6e21bfacb1713022d0dcdae3f6f
SHA512

5c75ec2483cb3fb0c5018ad1ead40ca742f7c0dce8db3063c58e101e57b7396ef5af852da61425066266f1fc3174344efd86ca851724deb2d0773bda84f0e979
SSDEEP

1536:yXZ56F5r5JZJWEtVpFqN9BBKweuVHZJ71/j+suPG0Hc18yPsWjcdWny6k04yW/Xh:yp56zRJ83+OJ7NoGvdwWy6k04yW/KNg

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  c6112938a6260ef29476f72e3c472760_JaffaCakes118
- Size
  
  156KB
- MD5
  
  c6112938a6260ef29476f72e3c472760
- SHA1
  
  4fd2916d27c822c7b1104d32c53fc453eee2d2b6
- SHA256
  
  4b977cf4a8537225d40489ef6b86464943d0c6e21bfacb1713022d0dcdae3f6f
- SHA512
  
  5c75ec2483cb3fb0c5018ad1ead40ca742f7c0dce8db3063c58e101e57b7396ef5af852da61425066266f1fc3174344efd86ca851724deb2d0773bda84f0e979
- SSDEEP
  
  1536:yXZ56F5r5JZJWEtVpFqN9BBKweuVHZJ71/j+suPG0Hc18yPsWjcdWny6k04yW/Xh:yp56zRJ83+OJ7NoGvdwWy6k04yW/KNg
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan