urelas | d6aa1906e2098acf10c24baf71e3b1e8c9ef2a2eb53c173535b8196003c600f5 | Triage

Sharing

General

Target

86edc4a25072fe283b12b22e40a93450_NeikiAnalytics.exe
Size

60KB
Sample

240617-nwjmqsygqe
MD5

86edc4a25072fe283b12b22e40a93450
SHA1

625a059dc0898724ce917e6c9c7f2ca98a7aa2d4
SHA256

d6aa1906e2098acf10c24baf71e3b1e8c9ef2a2eb53c173535b8196003c600f5
SHA512

8b7b3619a6be763dc07b53a8650b2352290dfd86755e66cf75f58f937f869d2766e1cec17084494ee85792a7899ff9baf339744813628906238dec89510db103
SSDEEP

1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROVI:Jo0cAthu6+FQ0JuPkI

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  86edc4a25072fe283b12b22e40a93450_NeikiAnalytics.exe
- Size
  
  60KB
- MD5
  
  86edc4a25072fe283b12b22e40a93450
- SHA1
  
  625a059dc0898724ce917e6c9c7f2ca98a7aa2d4
- SHA256
  
  d6aa1906e2098acf10c24baf71e3b1e8c9ef2a2eb53c173535b8196003c600f5
- SHA512
  
  8b7b3619a6be763dc07b53a8650b2352290dfd86755e66cf75f58f937f869d2766e1cec17084494ee85792a7899ff9baf339744813628906238dec89510db103
- SSDEEP
  
  1536:saTkcl2v/z0thjkh6+uYLo31d0JuPrROVI:Jo0cAthu6+FQ0JuPkI
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2