Resubmissions

22/05/2023, 08:14 UTC

230522-j48vdafa34 10

30/03/2023, 14:59 UTC

230330-scqn6adb45 7

General

  • Target

    5a1a37fb68eeb445df8c647dab8af952.exe

  • Size

    48KB

  • Sample

    230522-j48vdafa34

  • MD5

    5a1a37fb68eeb445df8c647dab8af952

  • SHA1

    95f2c1a9ae32d39ed616d2007bbcf6f74feba18f

  • SHA256

    631d7e6e0d9b03928ea24c0f846e3aad741bd675b8837035e8bdc028dc25fc98

  • SHA512

    349c588d9fc96ecf4db16004afec719e00e6ec887a4d89319a150b9ef75b1836fb8dfbff1a1fc0953a0dccf6a27ae117a00cd94c0991ecc70931fd1349cd8d05

  • SSDEEP

    768:4g/hgfJYO9KqosayemfSbvZ5l9GCAPk2/PWC/cEnUSBQtP9:R/hgGO9KrHmKbvtelRJnUSBiP9

Score
10/10

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot6288342522:AAFSUbGsrmP7ztzdv4uDMwLGETn2Ea_tq1M/sendMessage?chat_id=1953693386

Targets

    • Target

      5a1a37fb68eeb445df8c647dab8af952.exe

    • Size

      48KB

    • MD5

      5a1a37fb68eeb445df8c647dab8af952

    • SHA1

      95f2c1a9ae32d39ed616d2007bbcf6f74feba18f

    • SHA256

      631d7e6e0d9b03928ea24c0f846e3aad741bd675b8837035e8bdc028dc25fc98

    • SHA512

      349c588d9fc96ecf4db16004afec719e00e6ec887a4d89319a150b9ef75b1836fb8dfbff1a1fc0953a0dccf6a27ae117a00cd94c0991ecc70931fd1349cd8d05

    • SSDEEP

      768:4g/hgfJYO9KqosayemfSbvZ5l9GCAPk2/PWC/cEnUSBQtP9:R/hgGO9KrHmKbvtelRJnUSBiP9

    Score
    10/10
    • Gurcu, WhiteSnake

      Gurcu is an information-stealing malware family written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6
