urelas | fc19f4d7f09e4808a1cbd207febb01c8b4c585da3cc79adca9dd8eb688c4470b | Triage

Sharing

General

Target

b5cf372f74bc6253fcf901f1d5a6bd70_NeikiAnalytics.exe
Size

94KB
Sample

240520-fv95asdg5v
MD5

b5cf372f74bc6253fcf901f1d5a6bd70
SHA1

0780a22b457fd33e69a66b6561c388da7db353d0
SHA256

fc19f4d7f09e4808a1cbd207febb01c8b4c585da3cc79adca9dd8eb688c4470b
SHA512

ecbcdc5607eef0e430148d38bb3e8ffed6096bdc315518a53551b0f20ad5d7af8d12b9a129d6a1b86d03a2270c25f1a880007b821a9ed56c0d0754a36d213bb2
SSDEEP

1536:OVNSf7hyk+I6412V6PMqAax80XAFSrRmo:SSf9yk+U2V63XAFSrRmo

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

- Target
  
  b5cf372f74bc6253fcf901f1d5a6bd70_NeikiAnalytics.exe
- Size
  
  94KB
- MD5
  
  b5cf372f74bc6253fcf901f1d5a6bd70
- SHA1
  
  0780a22b457fd33e69a66b6561c388da7db353d0
- SHA256
  
  fc19f4d7f09e4808a1cbd207febb01c8b4c585da3cc79adca9dd8eb688c4470b
- SHA512
  
  ecbcdc5607eef0e430148d38bb3e8ffed6096bdc315518a53551b0f20ad5d7af8d12b9a129d6a1b86d03a2270c25f1a880007b821a9ed56c0d0754a36d213bb2
- SSDEEP
  
  1536:OVNSf7hyk+I6412V6PMqAax80XAFSrRmo:SSf9yk+U2V63XAFSrRmo
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2