urelas | 97c1f4d0abd70bf4d1c4eee2e7d4febc6a7e2eb928541086faf99406c3f00ae0 | Triage

Sharing

General

Target

97c1f4d0abd70bf4d1c4eee2e7d4febc6a7e2eb928541086faf99406c3f00ae0_NeikiAnalytics.exe
Size

804KB
Sample

240628-pmwflssbrm
MD5

415a452c00ba7ea416563c376caa9320
SHA1

d70b23db0c0252b671183d692ac6931651f037bd
SHA256

97c1f4d0abd70bf4d1c4eee2e7d4febc6a7e2eb928541086faf99406c3f00ae0
SHA512

bd8f6a338475f67940426f6fb80280a1e94c4ded56ca7c3cbb10f61d129b7c35e47e1ca26634944ab35d6ec77b87d3746557485a98633ea9d3ab1215c7ac0028
SSDEEP

12288:occNvdRExZGe+Q1nzPAlDqfJZKay4imoWkI094og2GgPZkiMgU:onPfQpzyD8ZKajiAkI094YLMgU

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

1.234.83.146

133.242.129.155

218.54.31.226

218.54.31.165

Targets

- Target
  
  97c1f4d0abd70bf4d1c4eee2e7d4febc6a7e2eb928541086faf99406c3f00ae0_NeikiAnalytics.exe
- Size
  
  804KB
- MD5
  
  415a452c00ba7ea416563c376caa9320
- SHA1
  
  d70b23db0c0252b671183d692ac6931651f037bd
- SHA256
  
  97c1f4d0abd70bf4d1c4eee2e7d4febc6a7e2eb928541086faf99406c3f00ae0
- SHA512
  
  bd8f6a338475f67940426f6fb80280a1e94c4ded56ca7c3cbb10f61d129b7c35e47e1ca26634944ab35d6ec77b87d3746557485a98633ea9d3ab1215c7ac0028
- SSDEEP
  
  12288:occNvdRExZGe+Q1nzPAlDqfJZKay4imoWkI094og2GgPZkiMgU:onPfQpzyD8ZKajiAkI094YLMgU
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2