urelas | 1df5ed2104bb6bdb362f781210b94a99876195cdbf2671b4f9b995282e87e4fb | Triage

Sharing

General

Target

7aa4d9fedc916d6e1293ec087b37ec80_NeikiAnalytics
Size

261KB
Sample

240514-faqvxsbb6w
MD5

7aa4d9fedc916d6e1293ec087b37ec80
SHA1

2ec2b4cff60b9d2da86a458c951c24963cdf9546
SHA256

1df5ed2104bb6bdb362f781210b94a99876195cdbf2671b4f9b995282e87e4fb
SHA512

e77eb1385aacc610a14d445fadb9ca3f0f296db180e8d5ce790a4883d884dbaa7f8d08c0b220b3c989e97212d3d12c9f45eb08df0ab06cd4421c8c620e3e63ab
SSDEEP

6144:yaibWcgsrjz+JJ5yBNHVHpzifLI2Um7dsZ2hYVpl:yaIWRJ5yBNHVHpzif7UD

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.184

121.88.5.183

218.54.30.235

Targets

- Target
  
  7aa4d9fedc916d6e1293ec087b37ec80_NeikiAnalytics
- Size
  
  261KB
- MD5
  
  7aa4d9fedc916d6e1293ec087b37ec80
- SHA1
  
  2ec2b4cff60b9d2da86a458c951c24963cdf9546
- SHA256
  
  1df5ed2104bb6bdb362f781210b94a99876195cdbf2671b4f9b995282e87e4fb
- SHA512
  
  e77eb1385aacc610a14d445fadb9ca3f0f296db180e8d5ce790a4883d884dbaa7f8d08c0b220b3c989e97212d3d12c9f45eb08df0ab06cd4421c8c620e3e63ab
- SSDEEP
  
  6144:yaibWcgsrjz+JJ5yBNHVHpzifLI2Um7dsZ2hYVpl:yaIWRJ5yBNHVHpzif7UD
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2