urelas

General

Target

e58baeaf725a67cb6ccf0354f099a20d_JaffaCakes118
Size

542KB
Sample

241212-kgdw6aylbx
MD5

e58baeaf725a67cb6ccf0354f099a20d
SHA1

fdf7d23a54eac4cce96018548dc6e6a7506a8b8d
SHA256

853839becd3724db65dd63c1eddf16aee5c35303e66798057baaf62f1b769996
SHA512

b7530cb9297e71000d8d2e828dfbcee108999ffbc2dcc04d1bdadd6cf685740d585968a2b6c54627cdbe5794f3a0891e66456625bb9e0d31a281ca936b5b422f
SSDEEP

12288:T52PxDgZo3ijnieactYDG7MzZSHJcvEj8dmoSxuH:92SLi70T7MifjA

Score

10^/10

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

218.54.31.165

Targets

- Target
  
  e58baeaf725a67cb6ccf0354f099a20d_JaffaCakes118
- Size
  
  542KB
- MD5
  
  e58baeaf725a67cb6ccf0354f099a20d
- SHA1
  
  fdf7d23a54eac4cce96018548dc6e6a7506a8b8d
- SHA256
  
  853839becd3724db65dd63c1eddf16aee5c35303e66798057baaf62f1b769996
- SHA512
  
  b7530cb9297e71000d8d2e828dfbcee108999ffbc2dcc04d1bdadd6cf685740d585968a2b6c54627cdbe5794f3a0891e66456625bb9e0d31a281ca936b5b422f
- SSDEEP
  
  12288:T52PxDgZo3ijnieactYDG7MzZSHJcvEj8dmoSxuH:92SLi70T7MifjA
Score

10^/10

urelas discovery trojan upx
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Urelas family

Checks computer location settings

Deletes itself

Executes dropped EXE

Loads dropped DLL

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2