Overview

overview

10

Static

static

10

29ef1a2577...cs.exe

windows7-x64

10

29ef1a2577...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29ef1a257725b109e0cccd9b2795ff40_NeikiAnalytics.exe

  • Size

    794KB

  • Sample

    240603-x21b4sfe8t

  • MD5

    29ef1a257725b109e0cccd9b2795ff40

  • SHA1

    d7f04cf7b04dcd95e10a67d12d856bf8a03096fa

  • SHA256

    878c9fcd11c1ec56288af066948c2d239a9d5ffe5ed131d3322a53cd90cf5690

  • SHA512

    a5add0f8f7c46e2c9205de11bbec197847c6c46100b539d203d29f8386e27f2f34b9787489d244bde956be4dd0d5efd6ac013241f9aee975e99f2c1adbcb9c29

  • SSDEEP

    24576:snPfQpzyD8ZTn8kZvAkI094vOkSCLMgC2:kfQt/Tn8AvAt0GvwC9

Score
10/10
urelastrojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

    • Target

      29ef1a257725b109e0cccd9b2795ff40_NeikiAnalytics.exe

    • Size

      794KB

    • MD5

      29ef1a257725b109e0cccd9b2795ff40

    • SHA1

      d7f04cf7b04dcd95e10a67d12d856bf8a03096fa

    • SHA256

      878c9fcd11c1ec56288af066948c2d239a9d5ffe5ed131d3322a53cd90cf5690

    • SHA512

      a5add0f8f7c46e2c9205de11bbec197847c6c46100b539d203d29f8386e27f2f34b9787489d244bde956be4dd0d5efd6ac013241f9aee975e99f2c1adbcb9c29

    • SSDEEP

      24576:snPfQpzyD8ZTn8kZvAkI094vOkSCLMgC2:kfQt/Tn8AvAt0GvwC9

    Score
    10/10
    urelastrojan

    • Urelas

      Urelas is a trojan targeting card games.

      trojanurelas

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks