urelas | 9ef127038f9d8786e185527facb4e58e27f3cbdcebe3fac0dfee645f3ff1d475 | Triage

Sharing

General

Target

dbd58e36ee08793e9f5510619195d88c_JaffaCakes118
Size

466KB
Sample

241209-2cz29symfn
MD5

dbd58e36ee08793e9f5510619195d88c
SHA1

aa7a596e2f09be4badd1dabe5452ff09b7cc1db1
SHA256

9ef127038f9d8786e185527facb4e58e27f3cbdcebe3fac0dfee645f3ff1d475
SHA512

4ba186429f80c67ff18b9c7373c4336d5017388a534153947d496558b0e650fda2b7f927c13072c3698549a67e26f8fc7220df865e871f0feaa7d324fac8bb0e
SSDEEP

12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6mq:jx9GzHlTv/b35tecFB6X

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

121.88.5.184

Targets

- Target
  
  dbd58e36ee08793e9f5510619195d88c_JaffaCakes118
- Size
  
  466KB
- MD5
  
  dbd58e36ee08793e9f5510619195d88c
- SHA1
  
  aa7a596e2f09be4badd1dabe5452ff09b7cc1db1
- SHA256
  
  9ef127038f9d8786e185527facb4e58e27f3cbdcebe3fac0dfee645f3ff1d475
- SHA512
  
  4ba186429f80c67ff18b9c7373c4336d5017388a534153947d496558b0e650fda2b7f927c13072c3698549a67e26f8fc7220df865e871f0feaa7d324fac8bb0e
- SSDEEP
  
  12288:j3CtSokfFGUMKwlTIU/b37dJ75WEe+eKTxB6mq:jx9GzHlTv/b35tecFB6X
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan