urelas | 08552f4759a1c693789268d72375c4d6b4ceb89a05d1df7abf5ac5af6a6ecdb9 | Triage

Sharing

General

Target

08552f4759a1c693789268d72375c4d6b4ceb89a05d1df7abf5ac5af6a6ecdb9_NeikiAnalytics.exe
Size

94KB
Sample

240629-2ndy6sybph
MD5

843ff0e703de3acac701c779d7f52710
SHA1

51ff0cdd821dc46e419ae70287e1b1af3f7a4a3e
SHA256

08552f4759a1c693789268d72375c4d6b4ceb89a05d1df7abf5ac5af6a6ecdb9
SHA512

862cd9d9552f0f25a42faa22bce721486d05bfb008a501c0416b6a90bdcc26d8717cefe302a3140500597adabf30c8162a30f5c063519854e028b533bfd6755e
SSDEEP

1536:yzPr/365lm9HM3RgIHYBv1osX1XCDN/on9FWa:yzTS5lm9aRgCkgR/on/Wa

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

121.88.5.183

218.54.28.139

Targets

- Target
  
  08552f4759a1c693789268d72375c4d6b4ceb89a05d1df7abf5ac5af6a6ecdb9_NeikiAnalytics.exe
- Size
  
  94KB
- MD5
  
  843ff0e703de3acac701c779d7f52710
- SHA1
  
  51ff0cdd821dc46e419ae70287e1b1af3f7a4a3e
- SHA256
  
  08552f4759a1c693789268d72375c4d6b4ceb89a05d1df7abf5ac5af6a6ecdb9
- SHA512
  
  862cd9d9552f0f25a42faa22bce721486d05bfb008a501c0416b6a90bdcc26d8717cefe302a3140500597adabf30c8162a30f5c063519854e028b533bfd6755e
- SSDEEP
  
  1536:yzPr/365lm9HM3RgIHYBv1osX1XCDN/on9FWa:yzTS5lm9aRgCkgR/on/Wa
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2