urelas | fe10751295a7c61c48e96d7104ceb41dd1ca6d255ba5f3e5fd20838a45113bfa | Triage

Sharing

General

Target

f5fe3574aadc278233784cc582af7cbb_JaffaCakes118
Size

403KB
Sample

241215-18w5tazldz
MD5

f5fe3574aadc278233784cc582af7cbb
SHA1

73814412cb1bdf793cd93b7036466e0b3adb2c4a
SHA256

fe10751295a7c61c48e96d7104ceb41dd1ca6d255ba5f3e5fd20838a45113bfa
SHA512

1951c9ea1f807423aca94ca38be6bdb7060151bb36fc7ea3ed27faa3e3e54cc020026d94a203d40a9e65028d61d8c3b859869c8e7c3a7fe6411874bdab99971b
SSDEEP

6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohHR:8IfBoDWoyFblU6hAJQnOf

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  f5fe3574aadc278233784cc582af7cbb_JaffaCakes118
- Size
  
  403KB
- MD5
  
  f5fe3574aadc278233784cc582af7cbb
- SHA1
  
  73814412cb1bdf793cd93b7036466e0b3adb2c4a
- SHA256
  
  fe10751295a7c61c48e96d7104ceb41dd1ca6d255ba5f3e5fd20838a45113bfa
- SHA512
  
  1951c9ea1f807423aca94ca38be6bdb7060151bb36fc7ea3ed27faa3e3e54cc020026d94a203d40a9e65028d61d8c3b859869c8e7c3a7fe6411874bdab99971b
- SSDEEP
  
  6144:85SXvBoDWoyLYyzbkPC4DYM6SB6v+qLnAzYmhwrxcvkzmSBrohHR:8IfBoDWoyFblU6hAJQnOf
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan