urelas | 75a41f26bd62593d4add7be81d33cb705861b93a8f7930eba6c3b69b16d4adcb | Triage

Sharing

General

Target

5dfcb357d33b2c2fcc01d5189b166b50_NeikiAnalytics.exe
Size

94KB
Sample

240530-bj6waahh36
MD5

5dfcb357d33b2c2fcc01d5189b166b50
SHA1

b34d0f72ff2c98d0a1de84e57df9fe75868b5457
SHA256

75a41f26bd62593d4add7be81d33cb705861b93a8f7930eba6c3b69b16d4adcb
SHA512

4fe001faf6c768c04e8e4a3365880b9f5c172951cf935d93db5d7c83a2099d5f754885e53ccc41dad5c393bf5d7844cb64780d5423c4ab313f423dde3f7191bf
SSDEEP

1536:OVNSf7hyk+I6412V6PMqAax80XAFSrRjm:SSf9yk+U2V63XAFSrRC

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

- Target
  
  5dfcb357d33b2c2fcc01d5189b166b50_NeikiAnalytics.exe
- Size
  
  94KB
- MD5
  
  5dfcb357d33b2c2fcc01d5189b166b50
- SHA1
  
  b34d0f72ff2c98d0a1de84e57df9fe75868b5457
- SHA256
  
  75a41f26bd62593d4add7be81d33cb705861b93a8f7930eba6c3b69b16d4adcb
- SHA512
  
  4fe001faf6c768c04e8e4a3365880b9f5c172951cf935d93db5d7c83a2099d5f754885e53ccc41dad5c393bf5d7844cb64780d5423c4ab313f423dde3f7191bf
- SSDEEP
  
  1536:OVNSf7hyk+I6412V6PMqAax80XAFSrRjm:SSf9yk+U2V63XAFSrRC
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2