urelas | 3465a6f61f1327ffdf1264cc9616040f308f466c2ea8e4d7fa96a954649f0dfc | Triage

Submit
Reports

Overview

overview

Static

static

3

34373a2cd7...cs.exe

windows7-x64

34373a2cd7...cs.exe

windows10-2004-x64

Sharing

General

Target

34373a2cd74d55362c44e5bcd569ba00_NeikiAnalytics.exe
Size

290KB
Sample

240618-lmrwmssbkj
MD5

34373a2cd74d55362c44e5bcd569ba00
SHA1

b704e9bdb73bae4d9bca9d4c3b074070e525f07a
SHA256

3465a6f61f1327ffdf1264cc9616040f308f466c2ea8e4d7fa96a954649f0dfc
SHA512

29f7b7a24a9c4dcf315c761d70da5f39488326cc9712195d5772b94f77db376372e350f67e075a7a3abc11beb21ecb64ea10ffb988f3f203ad3b5405b9ae87d8
SSDEEP

6144:96xwSR5NtUIJEWyXuew+q1l0d2Js6H5/TZkKr+:9A3NtUISdPw+Elq2Jsm2j

Score

10^/10

urelas aspackv2 trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

34373a2cd74d55362c44e5bcd569ba00_NeikiAnalytics.exe

Resource

win7-20240611-en

urelas aspackv2 trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

34373a2cd74d55362c44e5bcd569ba00_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

urelas aspackv2 trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  34373a2cd74d55362c44e5bcd569ba00_NeikiAnalytics.exe
- Size
  
  290KB
- MD5
  
  34373a2cd74d55362c44e5bcd569ba00
- SHA1
  
  b704e9bdb73bae4d9bca9d4c3b074070e525f07a
- SHA256
  
  3465a6f61f1327ffdf1264cc9616040f308f466c2ea8e4d7fa96a954649f0dfc
- SHA512
  
  29f7b7a24a9c4dcf315c761d70da5f39488326cc9712195d5772b94f77db376372e350f67e075a7a3abc11beb21ecb64ea10ffb988f3f203ad3b5405b9ae87d8
- SSDEEP
  
  6144:96xwSR5NtUIJEWyXuew+q1l0d2Js6H5/TZkKr+:9A3NtUISdPw+Elq2Jsm2j
Score

10^/10

urelas aspackv2 trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

urelasaspackv2trojan

behavioral2

urelasaspackv2trojan

© 2018-2024

Terms | Privacy