urelas | 0e5558661eb5f41024501a214e450206e8000f27d528053126db9055df520d27 | Triage

Sharing

General

Target

0a5299aad2c051d927fbf424d98bb080_NeikiAnalytics.exe
Size

331KB
Sample

240611-2ssywsveqk
MD5

0a5299aad2c051d927fbf424d98bb080
SHA1

d70a7563a998e324969a42b0a346eb5079513e08
SHA256

0e5558661eb5f41024501a214e450206e8000f27d528053126db9055df520d27
SHA512

1113535074cf4a4b06ed86bc9694ebfafdb882cce759ed09fbd65e0d0676e51192b2e31f2a3eddfb61afbeffc8209239c8a55ddbc05ed33cdac0ad0f017d0a5b
SSDEEP

6144:yty5fbpxDuMcHYwt1gxloqtaE5iWbUMqfn8EijRUNafrHBw/iA:ytCLD7+51gxeq3gOU9EEQrhMz

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.165

218.54.31.226

Targets

- Target
  
  0a5299aad2c051d927fbf424d98bb080_NeikiAnalytics.exe
- Size
  
  331KB
- MD5
  
  0a5299aad2c051d927fbf424d98bb080
- SHA1
  
  d70a7563a998e324969a42b0a346eb5079513e08
- SHA256
  
  0e5558661eb5f41024501a214e450206e8000f27d528053126db9055df520d27
- SHA512
  
  1113535074cf4a4b06ed86bc9694ebfafdb882cce759ed09fbd65e0d0676e51192b2e31f2a3eddfb61afbeffc8209239c8a55ddbc05ed33cdac0ad0f017d0a5b
- SSDEEP
  
  6144:yty5fbpxDuMcHYwt1gxloqtaE5iWbUMqfn8EijRUNafrHBw/iA:ytCLD7+51gxeq3gOU9EEQrhMz
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2