General

  • Target

    e1955b9c5631ce59d626b10ea35f8732_JaffaCakes118

  • Size

    581KB

  • Sample

    241211-p9fzfatlet

  • MD5

    e1955b9c5631ce59d626b10ea35f8732

  • SHA1

    9f5a9bf98a3b8ee5ec1ecacce56a5dee066c3eaf

  • SHA256

    71c04b1887a4b60c1db93755dfe2f0e9dcd5d6fe6d3481d6be7263041e04dcfd

  • SHA512

    0bf9062a296c1c95f306db6a49ea545997f024eb640ff652033cf7277a0b61a0921d377e871bd866d02c16071c21dcaff7e5494de3b0126b1a0f6c182a3d8918

  • SSDEEP

    6144:MajY1oC+/U8Vjlx4kk9HKda4L383j8hpdoSQbQFsrF1W/h84IrV7mMpH8zQW4jQj:cOlx4kk9HKda4Y38oSiQi4kVdcQzjK

Malware Config (extracted)

  • Family

    urelas

  • C2

    1.234.83.146
    133.242.129.155
    218.54.31.226
    218.54.31.165

Targets

    • Urelas

      Urelas is a trojan targeting card games.

    • Urelas family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15