urelas | 9627d76c8a9da2d83e0324c92f780a814084e3e34fc4c432cdc057fd2a6ee8c9 | Triage

Sharing

General

Target

9627d76c8a9da2d83e0324c92f780a814084e3e34fc4c432cdc057fd2a6ee8c9_NeikiAnalytics.exe
Size

175KB
Sample

240628-nt3b3azgqm
MD5

72ded024fc218db10618c03b85496ea0
SHA1

d56d18434d2ef859b6029d484462f031ad7584ee
SHA256

9627d76c8a9da2d83e0324c92f780a814084e3e34fc4c432cdc057fd2a6ee8c9
SHA512

245940b2798043495a389751751dfccd828d64e07a58e802fe03e822ba88a2f1465f270827c7019e221c6475236e55eba0c8ce700c317f6a06eadd6c08af8e01
SSDEEP

3072:s9AJRSvTvHN7xkKGsfPNGhoIPpcUqePvwP:s9AvSLvHNdkKGbHPpDqL

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.28.139

121.88.5.183

Targets

- Target
  
  9627d76c8a9da2d83e0324c92f780a814084e3e34fc4c432cdc057fd2a6ee8c9_NeikiAnalytics.exe
- Size
  
  175KB
- MD5
  
  72ded024fc218db10618c03b85496ea0
- SHA1
  
  d56d18434d2ef859b6029d484462f031ad7584ee
- SHA256
  
  9627d76c8a9da2d83e0324c92f780a814084e3e34fc4c432cdc057fd2a6ee8c9
- SHA512
  
  245940b2798043495a389751751dfccd828d64e07a58e802fe03e822ba88a2f1465f270827c7019e221c6475236e55eba0c8ce700c317f6a06eadd6c08af8e01
- SSDEEP
  
  3072:s9AJRSvTvHN7xkKGsfPNGhoIPpcUqePvwP:s9AvSLvHNdkKGbHPpDqL
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2