urelas | 0afe6966471116cfe136b7b639a7d6a29dd653be64b64f299d88e84322dc0a84 | Triage

Sharing

General

Target

0afe6966471116cfe136b7b639a7d6a29dd653be64b64f299d88e84322dc0a84_NeikiAnalytics.exe
Size

94KB
Sample

240620-y922cawdrd
MD5

a280524f30ac12ad562e725173baf950
SHA1

f0165011daa9c63386c45a319c5c86d85bb163f2
SHA256

0afe6966471116cfe136b7b639a7d6a29dd653be64b64f299d88e84322dc0a84
SHA512

8882dca94cdf983068a7349b06296c32cc522ab09f95acad305049be7322783692a6c765debf7fa13fc8fb609e36e1001a8dd796e46b43f09c8ebac15e4b7ccf
SSDEEP

1536:OVNSf7hyk+I6412V6PMqAax80XAFSrRwP:SSf9yk+U2V63XAFSrRc

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.77

218.54.47.74

Targets

- Target
  
  0afe6966471116cfe136b7b639a7d6a29dd653be64b64f299d88e84322dc0a84_NeikiAnalytics.exe
- Size
  
  94KB
- MD5
  
  a280524f30ac12ad562e725173baf950
- SHA1
  
  f0165011daa9c63386c45a319c5c86d85bb163f2
- SHA256
  
  0afe6966471116cfe136b7b639a7d6a29dd653be64b64f299d88e84322dc0a84
- SHA512
  
  8882dca94cdf983068a7349b06296c32cc522ab09f95acad305049be7322783692a6c765debf7fa13fc8fb609e36e1001a8dd796e46b43f09c8ebac15e4b7ccf
- SSDEEP
  
  1536:OVNSf7hyk+I6412V6PMqAax80XAFSrRwP:SSf9yk+U2V63XAFSrRc
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2