General

  • Target

    6734.bin.zip

  • Size

    277KB

  • Sample

    230525-q2ft5sae69

  • MD5

    babd2df6d9e069a786d4a7c53dffb6d8

  • SHA1

    25d981968ad8cac3768ddc7253692e4573a4a221

  • SHA256

    6df1e5b09175d3a7bac878ac6c10d4801e72d1bb4096b611cc205ef58aa0e23e

  • SHA512

    0aca679a975c0328555f82216b77ff9ae6f6ca96c3cb36af0e4897b5dd61391c1b1f2e5e597c8eb6cda3212eccf790c948b7ae7234ec4ba9e7e108c65cabb359

  • SSDEEP

    6144:4oX75y4Tu/ScAB7N5H+S0eFjmCWiVsej2YHefs/tPVGCE8k:4OpTmSce7zyCLVsh9wto7d

Score
10/10

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot5805920195:AAHrkiYfOXg55Cncdj5wUj0Ov4rUYjQg7iU/sendMessage?chat_id=5668321496

Targets

    • Target

      6734.bin

    • Size

      504KB

    • MD5

      ad576a5e9a73e049d4b2fd7005c4790e

    • SHA1

      781c71c7ed316739e7aa6f44072139827eca228c

    • SHA256

      9ea90f0a5b0bfa5de1e5aa7eb43000eae8f1c034e5e0b7c3fa97c27e5bc7a8b5

    • SHA512

      3061d30fe1a3c8201bbd4106913b03ffd2d16122a8a6f04f8d1023e490589b44b862cf98e08ddfe6b44db79cb904c7f513c1659f1553187ece27429d59cc2357

    • SSDEEP

      6144:aym/c4Dyv3TxT8jWHgf8YJkVHC++VeQPBZnq0LZYSwFxQx9tPHh1DTbhXBZdt/vZ:eEpmWHgf8Y6/Qp1nLiDKs+pN1UO

    Score
    10/10

    • Gurcu, WhiteSnake

      Gurcu is an information-stealing malware family written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
