gurcu | b63c575580d34f066ab3bcdae51289474a606497ff68cceabbc856710f99037d | Triage

Sharing

General

Target

445.exe
Size

500KB
Sample

230524-qrtm9acf75
MD5

f0bb0d68532e191a83e9ec3d3e03a0b8
SHA1

c7236c51ceaf92dec1876b139a0f07c9fba5712d
SHA256

b63c575580d34f066ab3bcdae51289474a606497ff68cceabbc856710f99037d
SHA512

0f110dc94579b96e1b9e8b3d6509106a3fddeee4fda1b169962a75f369cd9481c548a55ece62a44f169c46e16a7d7185fa7a1c4ab17fb57fffec1b91852dce12
SSDEEP

12288:jzWhSlcaq3/5/ISXd897Gm1MHx7vjHWzx:jChSa3/5wSXi7Gm1G7vLWN

Score

10^/10

gurcu collection stealer

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot5948365373:AAHGoShKq2YoPLHuMrakRbVNthbMABFYHUc/sendMessage?chat_id=-1001620069625

Targets

- Target
  
  445.exe
- Size
  
  500KB
- MD5
  
  f0bb0d68532e191a83e9ec3d3e03a0b8
- SHA1
  
  c7236c51ceaf92dec1876b139a0f07c9fba5712d
- SHA256
  
  b63c575580d34f066ab3bcdae51289474a606497ff68cceabbc856710f99037d
- SHA512
  
  0f110dc94579b96e1b9e8b3d6509106a3fddeee4fda1b169962a75f369cd9481c548a55ece62a44f169c46e16a7d7185fa7a1c4ab17fb57fffec1b91852dce12
- SSDEEP
  
  12288:jzWhSlcaq3/5/ISXd897Gm1MHx7vjHWzx:jChSa3/5wSXi7Gm1G7vLWN
Score

10^/10

gurcu collection stealer
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcucollectionstealer

behavioral2

gurcucollectionstealer