urelas | 96b9c1f6f5bade14e19a5b08c51e867e749970c808b6e86021a25bb657eb31cd | Triage

Sharing

General

Target

1f1263d14acea95bb0acbb46e563cfb0_NeikiAnalytics.exe
Size

308KB
Sample

240610-3dptcsvdle
MD5

1f1263d14acea95bb0acbb46e563cfb0
SHA1

452ce81cd43182a01c1e2fa7d60db0c047c29c95
SHA256

96b9c1f6f5bade14e19a5b08c51e867e749970c808b6e86021a25bb657eb31cd
SHA512

8a24a20e064668da4e1ecfb158b2f510701b09d67a17836a6db4832925b1a06a4f02f2e6a2dad8910615eebb75017d65e61c6bdcddb6f58b49385f092430559b
SSDEEP

3072:dQisJFjI/DmZwx0eJSUbx3ECbZS42t8sJ4yYdfp4Qz28h+0W6Y4704jGopBhj5:dQi+reSUbnbA8VKQq8hpW6p75PpBhj5

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  1f1263d14acea95bb0acbb46e563cfb0_NeikiAnalytics.exe
- Size
  
  308KB
- MD5
  
  1f1263d14acea95bb0acbb46e563cfb0
- SHA1
  
  452ce81cd43182a01c1e2fa7d60db0c047c29c95
- SHA256
  
  96b9c1f6f5bade14e19a5b08c51e867e749970c808b6e86021a25bb657eb31cd
- SHA512
  
  8a24a20e064668da4e1ecfb158b2f510701b09d67a17836a6db4832925b1a06a4f02f2e6a2dad8910615eebb75017d65e61c6bdcddb6f58b49385f092430559b
- SSDEEP
  
  3072:dQisJFjI/DmZwx0eJSUbx3ECbZS42t8sJ4yYdfp4Qz28h+0W6Y4704jGopBhj5:dQi+reSUbnbA8VKQq8hpW6p75PpBhj5
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2