urelas | efbfdb4e4673402686c4cefa55e1f34eee026615b70b06b9bad40f07cbcd0fad | Triage

Sharing

General

Target

6497276021f583f26c60188ca0e18930_NeikiAnalytics.exe
Size

365KB
Sample

240618-3ck4sayfme
MD5

6497276021f583f26c60188ca0e18930
SHA1

e8b38782979babaeb5dad7c8894e0b35fae25941
SHA256

efbfdb4e4673402686c4cefa55e1f34eee026615b70b06b9bad40f07cbcd0fad
SHA512

af61d6a94ad332acf139a1a5da5917c5fc0c92308c3c8b2215c65743e705a1105e56e3548e23740224f4b0cc66f5e4065b09674e2b06fe1b786335475ca8002d
SSDEEP

6144:OuJkl8DV12C28tLN2/FkCOfHVm0fMaHftvCGCBhDOHjTPmXHk62p+:OzGL2C2aZ2/F1WHHUaveOHjTC

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.165

218.54.31.226

Targets

- Target
  
  6497276021f583f26c60188ca0e18930_NeikiAnalytics.exe
- Size
  
  365KB
- MD5
  
  6497276021f583f26c60188ca0e18930
- SHA1
  
  e8b38782979babaeb5dad7c8894e0b35fae25941
- SHA256
  
  efbfdb4e4673402686c4cefa55e1f34eee026615b70b06b9bad40f07cbcd0fad
- SHA512
  
  af61d6a94ad332acf139a1a5da5917c5fc0c92308c3c8b2215c65743e705a1105e56e3548e23740224f4b0cc66f5e4065b09674e2b06fe1b786335475ca8002d
- SSDEEP
  
  6144:OuJkl8DV12C28tLN2/FkCOfHVm0fMaHftvCGCBhDOHjTPmXHk62p+:OzGL2C2aZ2/F1WHHUaveOHjTC
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2