urelas | e8880050ab363d9e1bbc61fc3b7203eacab14583249c3aa442769b173d36d8f2 | Triage

Sharing

General

Target

fc738f35c525a7cdb150c851f8254928_JaffaCakes118
Size

168KB
Sample

241218-vw8eesxkbp
MD5

fc738f35c525a7cdb150c851f8254928
SHA1

ec5bf6c457b7eeacd88424b27eed6c74c122bf33
SHA256

e8880050ab363d9e1bbc61fc3b7203eacab14583249c3aa442769b173d36d8f2
SHA512

8eb8735899f77ca8574ec655c1faa1e2ded8852ffbdcf77490a1f07f5a409eae26e4e6e038d0e9e536f565eacd87690dfbf034742330ff4eaf15a9f5685b30f8
SSDEEP

1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTfc:eADA0Wc7UJ6LZMaHLW65DE8pxWE

Score

10^/10

urelas discovery trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  fc738f35c525a7cdb150c851f8254928_JaffaCakes118
- Size
  
  168KB
- MD5
  
  fc738f35c525a7cdb150c851f8254928
- SHA1
  
  ec5bf6c457b7eeacd88424b27eed6c74c122bf33
- SHA256
  
  e8880050ab363d9e1bbc61fc3b7203eacab14583249c3aa442769b173d36d8f2
- SHA512
  
  8eb8735899f77ca8574ec655c1faa1e2ded8852ffbdcf77490a1f07f5a409eae26e4e6e038d0e9e536f565eacd87690dfbf034742330ff4eaf15a9f5685b30f8
- SSDEEP
  
  1536:eADA0Wbt1931D2P7BWLQ4zR4LUKMcPHFE3HP/GTW65CGEgvpxyTfc:eADA0Wc7UJ6LZMaHLW65DE8pxWE
Score

10^/10

urelas discovery trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Urelas family
  urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

urelasdiscoverytrojan

behavioral2

urelasdiscoverytrojan