urelas | b1dfc2ab3dabbf8b3a78875e8206223247ecb8e991894db3b89a20b39c9ea1de | Triage

Sharing

General

Target

3b89b875a62c15e2994e430f09410cf0_NeikiAnalytics.exe
Size

508KB
Sample

240602-fplvhsce65
MD5

3b89b875a62c15e2994e430f09410cf0
SHA1

f87dd85e1b114b3ddef9a5e7b29529940e10699e
SHA256

b1dfc2ab3dabbf8b3a78875e8206223247ecb8e991894db3b89a20b39c9ea1de
SHA512

c22c5f99782ef51025a249fd1883ee0fba7400bfc83d4b3d8993b3b1d3bb28db3bf5cab3b6f1c9159dfe4f88f7328c2c795866ccb83a398cee598ef61cc3b5da
SSDEEP

12288:kdBNKTCqqwXCcdgT89+MvA+BisqYpxHtSXL:kLjQC+fs0gXL

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  3b89b875a62c15e2994e430f09410cf0_NeikiAnalytics.exe
- Size
  
  508KB
- MD5
  
  3b89b875a62c15e2994e430f09410cf0
- SHA1
  
  f87dd85e1b114b3ddef9a5e7b29529940e10699e
- SHA256
  
  b1dfc2ab3dabbf8b3a78875e8206223247ecb8e991894db3b89a20b39c9ea1de
- SHA512
  
  c22c5f99782ef51025a249fd1883ee0fba7400bfc83d4b3d8993b3b1d3bb28db3bf5cab3b6f1c9159dfe4f88f7328c2c795866ccb83a398cee598ef61cc3b5da
- SSDEEP
  
  12288:kdBNKTCqqwXCcdgT89+MvA+BisqYpxHtSXL:kLjQC+fs0gXL
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2