General

  • Target

    buildlogs.exe

  • Size

    500KB

  • Sample

    230524-pzlf6sce42

  • MD5

    f0bb0d68532e191a83e9ec3d3e03a0b8

  • SHA1

    c7236c51ceaf92dec1876b139a0f07c9fba5712d

  • SHA256

    b63c575580d34f066ab3bcdae51289474a606497ff68cceabbc856710f99037d

  • SHA512

    0f110dc94579b96e1b9e8b3d6509106a3fddeee4fda1b169962a75f369cd9481c548a55ece62a44f169c46e16a7d7185fa7a1c4ab17fb57fffec1b91852dce12

  • SSDEEP

    12288:jzWhSlcaq3/5/ISXd897Gm1MHx7vjHWzx:jChSa3/5wSXi7Gm1G7vLWN

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot5948365373:AAHGoShKq2YoPLHuMrakRbVNthbMABFYHUc/sendMessage?chat_id=-1001620069625

Targets

    • Target

      buildlogs.exe

    • Size

      500KB

    • MD5

      f0bb0d68532e191a83e9ec3d3e03a0b8

    • SHA1

      c7236c51ceaf92dec1876b139a0f07c9fba5712d

    • SHA256

      b63c575580d34f066ab3bcdae51289474a606497ff68cceabbc856710f99037d

    • SHA512

      0f110dc94579b96e1b9e8b3d6509106a3fddeee4fda1b169962a75f369cd9481c548a55ece62a44f169c46e16a7d7185fa7a1c4ab17fb57fffec1b91852dce12

    • SSDEEP

      12288:jzWhSlcaq3/5/ISXd897Gm1MHx7vjHWzx:jChSa3/5wSXi7Gm1G7vLWN

    • Gurcu, WhiteSnake

      Gurcu is an information-stealing malware family (stealer) written in C#.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks