urelas | 9383a0d98910d26ea4105baa198ba536f44c4aeb48c287199a0d6158d7b888e1 | Triage

Sharing

General

Target

dd95cc49d922c4655c7b8487e940b17f_JaffaCakes118
Size

536KB
Sample

241210-hzsf6asren
MD5

dd95cc49d922c4655c7b8487e940b17f
SHA1

44be3505db82f782e64f118cacbab3677a57f80c
SHA256

9383a0d98910d26ea4105baa198ba536f44c4aeb48c287199a0d6158d7b888e1
SHA512

2e02ad0885ca6890b8d331afc4e5db7150e3524f0498bc493513d5bb4bf1ffd6165d2a368007992503dcccdb64c5a3b0b5511149d9296aed86e3cea890ca7b54
SSDEEP

12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NP4:q0P/k4lb2wKat4

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  dd95cc49d922c4655c7b8487e940b17f_JaffaCakes118
- Size
  
  536KB
- MD5
  
  dd95cc49d922c4655c7b8487e940b17f
- SHA1
  
  44be3505db82f782e64f118cacbab3677a57f80c
- SHA256
  
  9383a0d98910d26ea4105baa198ba536f44c4aeb48c287199a0d6158d7b888e1
- SHA512
  
  2e02ad0885ca6890b8d331afc4e5db7150e3524f0498bc493513d5bb4bf1ffd6165d2a368007992503dcccdb64c5a3b0b5511149d9296aed86e3cea890ca7b54
- SSDEEP
  
  12288:q0nPhglq2Uyt4R/b2G/0hznQGoexBU/NP4:q0P/k4lb2wKat4
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan