Extracted

Extracted

Extracted

• • Target

    5532954fa666ddd5bc80e520666dabd6deb3f4aaa4a2f3b96359e06521aaf51c

  • Size

    1.0MB

  • MD5

    3f79b662f533ac5fcc06ececbc8a79e6

  • SHA1

    913173b6fd134136757ecb0123bc7f53e41546fd

  • SHA256

    5532954fa666ddd5bc80e520666dabd6deb3f4aaa4a2f3b96359e06521aaf51c

  • SHA512

    5a7234f15b2ebd85df1ad7f6158b21ca21806af16e75163af1c8e2a0d7715024520c6e381a4fe1ee293fae1e502d4a89554dc0a5d708d1d4edfe74b4797c95ef

  • SSDEEP

    24576:pyxMp5oOprGFQ8t7GDwsm+bWkW3ga5a/7wBB:carGFQ8taWx3n

  Score

  10^/10

  gurcuredlinefashlinacollectiondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1