urelas | 69bece8ab134c9fcfb20071627cebe1d359a484782d5d0a4db6b9b25ac11a897 | Triage

Sharing

General

Target

69bece8ab134c9fcfb20071627cebe1d359a484782d5d0a4db6b9b25ac11a897_NeikiAnalytics.exe
Size

142KB
Sample

240629-fxq47s1hjc
MD5

472d138a83586cfad7ce44eb8434a4a0
SHA1

fcd7cd5e9252efd6a6a7ceda81750cfa43ea0e50
SHA256

69bece8ab134c9fcfb20071627cebe1d359a484782d5d0a4db6b9b25ac11a897
SHA512

e9af7870b37f572b6e5d2752d275de3a2f3600b4654da653de9d071f1e1fe0966d228b62716ef3d31a59091962051d9a4613e6fbb0a7941707ac14efa97ccf24
SSDEEP

1536:XBmcOGZnuETb8yqYd6f/68OJBfWKy2CZ0K06RcVxUs0vUQg0Zm2okVpwP0O:XZOSuECf8ZCKK06QC5ZZdokVp20O

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

112.175.88.208

112.175.88.207

Targets

- Target
  
  69bece8ab134c9fcfb20071627cebe1d359a484782d5d0a4db6b9b25ac11a897_NeikiAnalytics.exe
- Size
  
  142KB
- MD5
  
  472d138a83586cfad7ce44eb8434a4a0
- SHA1
  
  fcd7cd5e9252efd6a6a7ceda81750cfa43ea0e50
- SHA256
  
  69bece8ab134c9fcfb20071627cebe1d359a484782d5d0a4db6b9b25ac11a897
- SHA512
  
  e9af7870b37f572b6e5d2752d275de3a2f3600b4654da653de9d071f1e1fe0966d228b62716ef3d31a59091962051d9a4613e6fbb0a7941707ac14efa97ccf24
- SSDEEP
  
  1536:XBmcOGZnuETb8yqYd6f/68OJBfWKy2CZ0K06RcVxUs0vUQg0Zm2okVpwP0O:XZOSuECf8ZCKK06QC5ZZdokVp20O
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2