urelas | b1b966f35dd9fdf566f2ba4af32e4806f26162a4eaa6beab634c94b2c2886703 | Triage

Sharing

General

Target

f6adad04782f046ea795b0854338fe84_JaffaCakes118
Size

693KB
Sample

241216-byzqhsynfp
MD5

f6adad04782f046ea795b0854338fe84
SHA1

32bc582b3441d87bf54fe70e14039cf1b0fd4a6c
SHA256

b1b966f35dd9fdf566f2ba4af32e4806f26162a4eaa6beab634c94b2c2886703
SHA512

774adceedf76189acb3ea5faabccb23d3496669e98bc0a4cac753b60ab3e832a383ce291a52b5e65985e5fbb3a3e0e419e115fd9057893cf6ed9e0fab7247f07
SSDEEP

12288:LUyI6hJQglQA0IWb8DmPySxEuBZDxywHBlP94jpguwDxXlZ1nrlI:dVh6gl6Iy8R9+ZdnnP94jpgl9Bnry

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  f6adad04782f046ea795b0854338fe84_JaffaCakes118
- Size
  
  693KB
- MD5
  
  f6adad04782f046ea795b0854338fe84
- SHA1
  
  32bc582b3441d87bf54fe70e14039cf1b0fd4a6c
- SHA256
  
  b1b966f35dd9fdf566f2ba4af32e4806f26162a4eaa6beab634c94b2c2886703
- SHA512
  
  774adceedf76189acb3ea5faabccb23d3496669e98bc0a4cac753b60ab3e832a383ce291a52b5e65985e5fbb3a3e0e419e115fd9057893cf6ed9e0fab7247f07
- SSDEEP
  
  12288:LUyI6hJQglQA0IWb8DmPySxEuBZDxywHBlP94jpguwDxXlZ1nrlI:dVh6gl6Iy8R9+ZdnnP94jpgl9Bnry
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan