urelas | 3b95f54b589a817188eca40c48ad2ab73cb32ed3a53b15bdaf8cc0a97324a16f | Triage

Sharing

General

Target

0d0036f5fbb6f047875af4a3f85dab90_NeikiAnalytics.exe
Size

179KB
Sample

240616-1eq2psshqn
MD5

0d0036f5fbb6f047875af4a3f85dab90
SHA1

4df9fb0b4faadfab7fc0cb8bbf13f74256795a3b
SHA256

3b95f54b589a817188eca40c48ad2ab73cb32ed3a53b15bdaf8cc0a97324a16f
SHA512

27a8386b812f64e4a2abd5828c3a4440ebccb1630571198e9ef090917084de49c5ba1af903dac178ce866d7429ad84ca7441c4780951623df5c7049731d3f289
SSDEEP

1536:2PjGahAlK9zJfjvarrcSZUKmDTijh+r8FcUKg2X3RGimoU9gNYcizbR9Xwzz:2PjGUVuJQGjYr0CX3RG/oU9QUPvw3

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  0d0036f5fbb6f047875af4a3f85dab90_NeikiAnalytics.exe
- Size
  
  179KB
- MD5
  
  0d0036f5fbb6f047875af4a3f85dab90
- SHA1
  
  4df9fb0b4faadfab7fc0cb8bbf13f74256795a3b
- SHA256
  
  3b95f54b589a817188eca40c48ad2ab73cb32ed3a53b15bdaf8cc0a97324a16f
- SHA512
  
  27a8386b812f64e4a2abd5828c3a4440ebccb1630571198e9ef090917084de49c5ba1af903dac178ce866d7429ad84ca7441c4780951623df5c7049731d3f289
- SSDEEP
  
  1536:2PjGahAlK9zJfjvarrcSZUKmDTijh+r8FcUKg2X3RGimoU9gNYcizbR9Xwzz:2PjGUVuJQGjYr0CX3RG/oU9QUPvw3
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2