urelas | dcf55e637c4590a1b2da8d7dd24021999991de7e84d26f37d3ca9ee2a439bc91 | Triage

Sharing

General

Target

f2df30ab3dc6a8298005ced4a8c58032_JaffaCakes118
Size

689KB
Sample

241215-h18vjaxlgt
MD5

f2df30ab3dc6a8298005ced4a8c58032
SHA1

e57e8f03b39887034cfb613336a1df06f0c41622
SHA256

dcf55e637c4590a1b2da8d7dd24021999991de7e84d26f37d3ca9ee2a439bc91
SHA512

18bd7492522c1d036821275f12acf07ab945a7f1904533f7c2c2986d09705d647e06ee7fcac0e7983b7476f20331e2acd1fa37dd4aec03b0489d0c0393cf2e21
SSDEEP

12288:LUyI6hJQglQA0IWb8DmPySxEuBZDxywHBlP94jpguwDxXlZ1nw:dVh6gl6Iy8R9+ZdnnP94jpgl9Bnw

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  f2df30ab3dc6a8298005ced4a8c58032_JaffaCakes118
- Size
  
  689KB
- MD5
  
  f2df30ab3dc6a8298005ced4a8c58032
- SHA1
  
  e57e8f03b39887034cfb613336a1df06f0c41622
- SHA256
  
  dcf55e637c4590a1b2da8d7dd24021999991de7e84d26f37d3ca9ee2a439bc91
- SHA512
  
  18bd7492522c1d036821275f12acf07ab945a7f1904533f7c2c2986d09705d647e06ee7fcac0e7983b7476f20331e2acd1fa37dd4aec03b0489d0c0393cf2e21
- SSDEEP
  
  12288:LUyI6hJQglQA0IWb8DmPySxEuBZDxywHBlP94jpguwDxXlZ1nw:dVh6gl6Iy8R9+ZdnnP94jpgl9Bnw
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan