urelas | a173df64c5cac8fade7a480d53d0c55af138f41ae25a11a0f1653984eb3cf019 | Triage

Sharing

General

Target

87df4aa743aa38020380f61c9cee9100_NeikiAnalytics.exe
Size

399KB
Sample

240608-dznezshb96
MD5

87df4aa743aa38020380f61c9cee9100
SHA1

891fa34174bd7386a255659d2e1a43dc133c65fb
SHA256

a173df64c5cac8fade7a480d53d0c55af138f41ae25a11a0f1653984eb3cf019
SHA512

54b59e529a7ac51c3819cb5f437edcb869bea35c796f7fbbdbce91238c5a83f997542845a4fd12dd848c60b43fb04df12f78bf9670500b6bcc18eeb1d7c30a3d
SSDEEP

6144:1sa1jZVgy03se7k5kBTTg7YMz6j8GuHEqqtKKUrBwj3bT3RzS:rtVgyuse2kBXg7Cj81cKK7jfRS

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  87df4aa743aa38020380f61c9cee9100_NeikiAnalytics.exe
- Size
  
  399KB
- MD5
  
  87df4aa743aa38020380f61c9cee9100
- SHA1
  
  891fa34174bd7386a255659d2e1a43dc133c65fb
- SHA256
  
  a173df64c5cac8fade7a480d53d0c55af138f41ae25a11a0f1653984eb3cf019
- SHA512
  
  54b59e529a7ac51c3819cb5f437edcb869bea35c796f7fbbdbce91238c5a83f997542845a4fd12dd848c60b43fb04df12f78bf9670500b6bcc18eeb1d7c30a3d
- SSDEEP
  
  6144:1sa1jZVgy03se7k5kBTTg7YMz6j8GuHEqqtKKUrBwj3bT3RzS:rtVgyuse2kBXg7Cj81cKK7jfRS
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2