urelas | 1c6e3ab91a32a0936e8754bcb7448a969946435ff5a30e416ea2a42875b23d64 | Triage

Sharing

General

Target

1c6e3ab91a32a0936e8754bcb7448a969946435ff5a30e416ea2a42875b23d64_NeikiAnalytics.exe
Size

63KB
Sample

240702-al49ssyflg
MD5

7d0a40fe50894a8d68e6c6a58ff61d80
SHA1

47b5d41a4f4cd69315fd2fa2dbfd5ea82abf737d
SHA256

1c6e3ab91a32a0936e8754bcb7448a969946435ff5a30e416ea2a42875b23d64
SHA512

672e6125f926c305f8b177a3fb04c73828d79995d4ebf97a2200498d7f8469bfdbccbeddb20f34b680a3793c1e244be5cb1bfad17beaf367dec1e58e177f4f07
SSDEEP

1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTmUDG+:6bQRSHpAvzyf7MzeThDG+

Score

10^/10

urelas trojan

Malware Config

Extracted

Family

urelas

C2

218.54.47.76

218.54.47.77

218.54.47.74

Targets

- Target
  
  1c6e3ab91a32a0936e8754bcb7448a969946435ff5a30e416ea2a42875b23d64_NeikiAnalytics.exe
- Size
  
  63KB
- MD5
  
  7d0a40fe50894a8d68e6c6a58ff61d80
- SHA1
  
  47b5d41a4f4cd69315fd2fa2dbfd5ea82abf737d
- SHA256
  
  1c6e3ab91a32a0936e8754bcb7448a969946435ff5a30e416ea2a42875b23d64
- SHA512
  
  672e6125f926c305f8b177a3fb04c73828d79995d4ebf97a2200498d7f8469bfdbccbeddb20f34b680a3793c1e244be5cb1bfad17beaf367dec1e58e177f4f07
- SSDEEP
  
  1536:6bQx5oPsr2vFxDPhAvzgAQzFZ77MzeTmUDG+:6bQRSHpAvzyf7MzeThDG+
Score

10^/10

urelas trojan
- Urelas
  Urelas is a trojan targeting card games.
  trojan urelas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2