urelas | 27387c160c754ba84f2dab3cfae5f0a5b1781647c535df297cee1ee3ad15e2bf | Triage

Sharing

General

Target

3e1590504d0b796d8edacd2ba4c552b0_NeikiAnalytics.exe
Size

113KB
Sample

240605-fwae3afh94
MD5

3e1590504d0b796d8edacd2ba4c552b0
SHA1

08bc8e65733be98b905c9d7ed998105c4e4c115a
SHA256

27387c160c754ba84f2dab3cfae5f0a5b1781647c535df297cee1ee3ad15e2bf
SHA512

1a2aab66595002f0f0d938e70c1cc7bc129fd94c3c727016d1ad879a6c8348f709640f818048eb7a343832d7e41f2b88440c69b31a33c1cec51288dafd288255
SSDEEP

1536:mCnrJLwAXDtIBcUyk+8CooNvy3GNbcq7+sWjcdgy64TNSeY:htpCP+/oGvWSldgy64TNSeY

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  3e1590504d0b796d8edacd2ba4c552b0_NeikiAnalytics.exe
- Size
  
  113KB
- MD5
  
  3e1590504d0b796d8edacd2ba4c552b0
- SHA1
  
  08bc8e65733be98b905c9d7ed998105c4e4c115a
- SHA256
  
  27387c160c754ba84f2dab3cfae5f0a5b1781647c535df297cee1ee3ad15e2bf
- SHA512
  
  1a2aab66595002f0f0d938e70c1cc7bc129fd94c3c727016d1ad879a6c8348f709640f818048eb7a343832d7e41f2b88440c69b31a33c1cec51288dafd288255
- SSDEEP
  
  1536:mCnrJLwAXDtIBcUyk+8CooNvy3GNbcq7+sWjcdgy64TNSeY:htpCP+/oGvWSldgy64TNSeY
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2