urelas | 57624c22344a26e6b3c87a5a2fc5ecc381ee8bdb2fa0b1be1541eefc3762bb77 | Triage

Sharing

General

Target

e6139d1f8ba6b647f00c055782e4a0fd_JaffaCakes118
Size

155KB
Sample

241212-m53ljatpgk
MD5

e6139d1f8ba6b647f00c055782e4a0fd
SHA1

4c27e01d940928bf1e841b05e223b88878511604
SHA256

57624c22344a26e6b3c87a5a2fc5ecc381ee8bdb2fa0b1be1541eefc3762bb77
SHA512

4e5c61ec0114967c98cbba1af37384008daf83836f8733546b07fd88def518050867c87e019fa2c84a3feb42aa88200362bf99d4a587127adf3a95b6c59a3f13
SSDEEP

1536:yXZ56F5r5JZJWEtVpFqN9BBKweuVHZJ71/j+suPG0Hc18yPsWjcdWny6k04yW/XM:yp56zRJ83+OJ7NoGvdwWy6k04yW/KT

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  e6139d1f8ba6b647f00c055782e4a0fd_JaffaCakes118
- Size
  
  155KB
- MD5
  
  e6139d1f8ba6b647f00c055782e4a0fd
- SHA1
  
  4c27e01d940928bf1e841b05e223b88878511604
- SHA256
  
  57624c22344a26e6b3c87a5a2fc5ecc381ee8bdb2fa0b1be1541eefc3762bb77
- SHA512
  
  4e5c61ec0114967c98cbba1af37384008daf83836f8733546b07fd88def518050867c87e019fa2c84a3feb42aa88200362bf99d4a587127adf3a95b6c59a3f13
- SSDEEP
  
  1536:yXZ56F5r5JZJWEtVpFqN9BBKweuVHZJ71/j+suPG0Hc18yPsWjcdWny6k04yW/XM:yp56zRJ83+OJ7NoGvdwWy6k04yW/KT
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan