urelas | 0a31ea47101f9e6fe9cba61a5c6a921f2f2042af45d14aab5e1d81bd82cd750f | Triage

Sharing

General

Target

e84bb0d751edc4a666a61f5af8479a9b_JaffaCakes118
Size

185KB
Sample

241212-z2q5jszkcr
MD5

e84bb0d751edc4a666a61f5af8479a9b
SHA1

2eaba348142ec0e7d3d01edb87c7eb46b6977113
SHA256

0a31ea47101f9e6fe9cba61a5c6a921f2f2042af45d14aab5e1d81bd82cd750f
SHA512

18e70a583b490a1d5852b4d63ff5461621709be1849d9155e4a0db006b10add0094552dc5bcdf137a6fbad9105b2fbde9af195298556a3c861ddd9cb36285c57
SSDEEP

3072:u3mvqCDm+W03RB5eUp6UlD/mUKissApfA6y4YHFcg:2mvqeP33AYFIN9treHeg

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  e84bb0d751edc4a666a61f5af8479a9b_JaffaCakes118
- Size
  
  185KB
- MD5
  
  e84bb0d751edc4a666a61f5af8479a9b
- SHA1
  
  2eaba348142ec0e7d3d01edb87c7eb46b6977113
- SHA256
  
  0a31ea47101f9e6fe9cba61a5c6a921f2f2042af45d14aab5e1d81bd82cd750f
- SHA512
  
  18e70a583b490a1d5852b4d63ff5461621709be1849d9155e4a0db006b10add0094552dc5bcdf137a6fbad9105b2fbde9af195298556a3c861ddd9cb36285c57
- SSDEEP
  
  3072:u3mvqCDm+W03RB5eUp6UlD/mUKissApfA6y4YHFcg:2mvqeP33AYFIN9treHeg
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan