urelas | a02826d0fb94c1f1a1450692507d39d9b47e0f9be238914ccc506049f0471b70 | Triage

Sharing

General

Target

0a3fe5f35fd3f3d70fb5e249881ef590_NeikiAnalytics.exe
Size

391KB
Sample

240526-2zhfqsgb73
MD5

0a3fe5f35fd3f3d70fb5e249881ef590
SHA1

2770ab65bb38d5f6fd41e8af116251a845928bc6
SHA256

a02826d0fb94c1f1a1450692507d39d9b47e0f9be238914ccc506049f0471b70
SHA512

3de229f650e351d60eae1930a45b979f4dd7deed24a7f30f68669b16606a9ec11b8be14a2789dea532bf899f709030a6b458a6117b86147b4322058d605789b7
SSDEEP

6144:e8efQ6QPJGcLbjg08fLsGH+revgLIAP1fXo1Eppwsx:n6QPJGcE0rGereYdPcq

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.30.235

218.54.31.165

Targets

- Target
  
  0a3fe5f35fd3f3d70fb5e249881ef590_NeikiAnalytics.exe
- Size
  
  391KB
- MD5
  
  0a3fe5f35fd3f3d70fb5e249881ef590
- SHA1
  
  2770ab65bb38d5f6fd41e8af116251a845928bc6
- SHA256
  
  a02826d0fb94c1f1a1450692507d39d9b47e0f9be238914ccc506049f0471b70
- SHA512
  
  3de229f650e351d60eae1930a45b979f4dd7deed24a7f30f68669b16606a9ec11b8be14a2789dea532bf899f709030a6b458a6117b86147b4322058d605789b7
- SSDEEP
  
  6144:e8efQ6QPJGcLbjg08fLsGH+revgLIAP1fXo1Eppwsx:n6QPJGcE0rGereYdPcq
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2