urelas | f1ff7d6e883357e0e5509d5f83dac3e3af91670089510b76cc7caba699659c71 | Triage

Sharing

General

Target

c7cda02f2f136ad064bd0c5014d623f9_JaffaCakes118
Size

777KB
Sample

241205-p7rcdsvqfy
MD5

c7cda02f2f136ad064bd0c5014d623f9
SHA1

95de8248db7678b929491e381a24258105b3111e
SHA256

f1ff7d6e883357e0e5509d5f83dac3e3af91670089510b76cc7caba699659c71
SHA512

137aa13bcc35b108bff3c10ba17b9be13ece93cd0786bba08755262806b992a54cffd22cb6660f9bacab74091580147e2f87d7964816d71f5e51415b4be65f58
SSDEEP

12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c1O:YA4Ya1fQzPPSnPFqWtTJK9DIMTW8t

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  c7cda02f2f136ad064bd0c5014d623f9_JaffaCakes118
- Size
  
  777KB
- MD5
  
  c7cda02f2f136ad064bd0c5014d623f9
- SHA1
  
  95de8248db7678b929491e381a24258105b3111e
- SHA256
  
  f1ff7d6e883357e0e5509d5f83dac3e3af91670089510b76cc7caba699659c71
- SHA512
  
  137aa13bcc35b108bff3c10ba17b9be13ece93cd0786bba08755262806b992a54cffd22cb6660f9bacab74091580147e2f87d7964816d71f5e51415b4be65f58
- SSDEEP
  
  12288:YOlx4kk9HKda4YfM/1T3PPSnPI2VAWNDTJHq9DIMTW8c1O:YA4Ya1fQzPPSnPFqWtTJK9DIMTW8t
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan