Extracted

Extracted

Extracted

• • Target

    4e9fff3d87862633176207d7501348a46e6e539180d63206fcb9a7e9533bfc0c

  • Size

    1.0MB

  • MD5

    5d876a3f2e63985cd1a1acef1ced738d

  • SHA1

    2e5fd5786b16f52ae937a75b048049223f4365b6

  • SHA256

    4e9fff3d87862633176207d7501348a46e6e539180d63206fcb9a7e9533bfc0c

  • SHA512

    ebb48ead5b845e893ee56a54669dd5aa874ce991f9d52b515171bdd3c2921818cd50a55ae3f9943488b404e74cd155d47bef75f33575dc962cb0e32a4069d601

  • SSDEEP

    24576:pyucQgSU+My3dRTJluGA9V80+fY2ZvDxdvXMQhRti/:cucRSU+ztlTA9VAvD3fni

  Score

  10^/10

  gurcuredlinefashlinacollectiondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1