urelas | 5877e3b7f7481004bf6e91db4c9a0fb08e0ce9fe8ec5ba60a9e889d4665905b8 | Triage

Sharing

General

Target

c8972305eaf4f2ae11571d0f265769d8_JaffaCakes118
Size

184KB
Sample

241205-t9lbdasqct
MD5

c8972305eaf4f2ae11571d0f265769d8
SHA1

d4923e717f73e6e16969d723b8c6a8abff0299f0
SHA256

5877e3b7f7481004bf6e91db4c9a0fb08e0ce9fe8ec5ba60a9e889d4665905b8
SHA512

475f284abdffe983e42b034c2c4c5b84f474a054597e8da44f5e95b0675a189d25ff26be635df4c515ebd4c4375e24974f80593d7e6afecac109c0254beba07a
SSDEEP

3072:1tpCP+/oGvWSldHy64T9fQmZ+luXwy2f9LDh5Yc:Tp+IrvNyhhh4yfWvMc

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  c8972305eaf4f2ae11571d0f265769d8_JaffaCakes118
- Size
  
  184KB
- MD5
  
  c8972305eaf4f2ae11571d0f265769d8
- SHA1
  
  d4923e717f73e6e16969d723b8c6a8abff0299f0
- SHA256
  
  5877e3b7f7481004bf6e91db4c9a0fb08e0ce9fe8ec5ba60a9e889d4665905b8
- SHA512
  
  475f284abdffe983e42b034c2c4c5b84f474a054597e8da44f5e95b0675a189d25ff26be635df4c515ebd4c4375e24974f80593d7e6afecac109c0254beba07a
- SSDEEP
  
  3072:1tpCP+/oGvWSldHy64T9fQmZ+luXwy2f9LDh5Yc:Tp+IrvNyhhh4yfWvMc
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan