General

  • Target

    testpanderequests.exe.bin

  • Size

    186KB

  • Sample

    230505-zs9wasee68

  • MD5

    7e7e25597f56f24d262e989abbb31222

  • SHA1

    f3342f1c948a2ef8775d72389cfb76adc7c7ed21

  • SHA256

    99c5747e5ada4de53bbed50ae5670f04ef4584632c873a060f54f42c70fbcf8c

  • SHA512

    0872e14e4ec016ba0489b9ef26f3295173dc5ab37d92f93d2074e2ea518503945dcdaa6e4990942ee9c80bf1dc56d654c77a7059b15aa834abf2671ef28708f8

  • SSDEEP

    3072:m7JN07Kkj7kE5Ft4rTy/MD89bUDlgAfiTMhtlxfhXXV:mf+7fQO289bUBgAfRB7XX

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot5975822207:AAFJtzAlzLoF8RfkpKUagQJGRi0ksib6w3g/sendMessage?chat_id=1396661331

Targets

    • Gurcu, WhiteSnake

      Gurcu is an information-stealing malware family written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks