urelas | 546c844f8cfb663c99f6724c4c5a45087a318a464b8b72b60bca4377097f247b | Triage

Sharing

General

Target

546c844f8cfb663c99f6724c4c5a45087a318a464b8b72b60bca4377097f247b_NeikiAnalytics.exe
Size

359KB
Sample

240627-f52kxavanf
MD5

e1577e0da5c1f73bab67092c37c9fe60
SHA1

ee8df12243b3c74da7d9a824c2d85f707193b2a0
SHA256

546c844f8cfb663c99f6724c4c5a45087a318a464b8b72b60bca4377097f247b
SHA512

34ad4382433f1453d5c8190d06717626d82ee073b941407f002e311b18a3b6096861eaf24aa09c4c3b93a6fcf6093b8a5776f478dc76b3fc93c144fc1dac70dc
SSDEEP

6144:c1bYec5C8AAYLxhEmPG7qwmioqVsCqbN0OJXmY:MUyI6QmPPPqVspFXz

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.31.226

218.54.31.165

Targets

- Target
  
  546c844f8cfb663c99f6724c4c5a45087a318a464b8b72b60bca4377097f247b_NeikiAnalytics.exe
- Size
  
  359KB
- MD5
  
  e1577e0da5c1f73bab67092c37c9fe60
- SHA1
  
  ee8df12243b3c74da7d9a824c2d85f707193b2a0
- SHA256
  
  546c844f8cfb663c99f6724c4c5a45087a318a464b8b72b60bca4377097f247b
- SHA512
  
  34ad4382433f1453d5c8190d06717626d82ee073b941407f002e311b18a3b6096861eaf24aa09c4c3b93a6fcf6093b8a5776f478dc76b3fc93c144fc1dac70dc
- SSDEEP
  
  6144:c1bYec5C8AAYLxhEmPG7qwmioqVsCqbN0OJXmY:MUyI6QmPPPqVspFXz
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2