urelas | 88f391229a2b55937636917912f775b33e39ab534c10125d8ffbee309915b3c8 | Triage

Sharing

General

Target

88f391229a2b55937636917912f775b33e39ab534c10125d8ffbee309915b3c8_NeikiAnalytics.exe
Size

504KB
Sample

240622-jk5zdawamq
MD5

c1b3f5eedc8e77b019143769fa6fe510
SHA1

4b716c054c731804c7c6affa3926d0843c70b58f
SHA256

88f391229a2b55937636917912f775b33e39ab534c10125d8ffbee309915b3c8
SHA512

d52b66aea3df5285e1655dfc125ab301e19bef5e25e435d2afcdf8f74d929784928ecc1f89ad050a7a2e307fa6064019517a5810e0c19b6a9a9818f6cbf4d483
SSDEEP

12288:kdBNKTCqqwXCcdgT89+MvA+BisqYpxHtG:kLjQC+fs0E

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  88f391229a2b55937636917912f775b33e39ab534c10125d8ffbee309915b3c8_NeikiAnalytics.exe
- Size
  
  504KB
- MD5
  
  c1b3f5eedc8e77b019143769fa6fe510
- SHA1
  
  4b716c054c731804c7c6affa3926d0843c70b58f
- SHA256
  
  88f391229a2b55937636917912f775b33e39ab534c10125d8ffbee309915b3c8
- SHA512
  
  d52b66aea3df5285e1655dfc125ab301e19bef5e25e435d2afcdf8f74d929784928ecc1f89ad050a7a2e307fa6064019517a5810e0c19b6a9a9818f6cbf4d483
- SSDEEP
  
  12288:kdBNKTCqqwXCcdgT89+MvA+BisqYpxHtG:kLjQC+fs0E
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2