urelas | 6cf730427776e63fb31ca147bd0de6d35006ca43e46b7cd55e64e2c2ec6db0c8 | Triage

Sharing

General

Target

6cf730427776e63fb31ca147bd0de6d35006ca43e46b7cd55e64e2c2ec6db0c8_NeikiAnalytics.exe
Size

184KB
Sample

240627-kfn1qs1hnf
MD5

8a48a1ac9d21c20376bdefd4b5f31750
SHA1

d06505ca57be8571995b39a1a74ebb3328e6a023
SHA256

6cf730427776e63fb31ca147bd0de6d35006ca43e46b7cd55e64e2c2ec6db0c8
SHA512

9004f1d42593161dacd2ff2727a8701babb8c69547f03ccbe6d6ccf6710f2fc62c8f3034fcafea5dc7557d44cb94d50df9067cc175bbc2bf246ba3097aa203bd
SSDEEP

1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUgd:Thuk8QsH47nW5ppkoI4KEAUgd

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.207

112.175.88.208

Targets

- Target
  
  6cf730427776e63fb31ca147bd0de6d35006ca43e46b7cd55e64e2c2ec6db0c8_NeikiAnalytics.exe
- Size
  
  184KB
- MD5
  
  8a48a1ac9d21c20376bdefd4b5f31750
- SHA1
  
  d06505ca57be8571995b39a1a74ebb3328e6a023
- SHA256
  
  6cf730427776e63fb31ca147bd0de6d35006ca43e46b7cd55e64e2c2ec6db0c8
- SHA512
  
  9004f1d42593161dacd2ff2727a8701babb8c69547f03ccbe6d6ccf6710f2fc62c8f3034fcafea5dc7557d44cb94d50df9067cc175bbc2bf246ba3097aa203bd
- SSDEEP
  
  1536:TPwN8ukP5sZK20EGIBpwW6NeleEQ77nuUWXJmU2Ajpf8oI4KEAUgd:Thuk8QsH47nW5ppkoI4KEAUgd
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2