Resubmissions

10-04-2024 02:56

240410-dff7kacd24 10

10-04-2024 02:56

240410-de3zyacc96 10

10-04-2024 02:56

240410-de3deaff6t 10

10-04-2024 02:56

240410-de23msff6s 10

09-09-2023 14:35

230909-rx47lsbh52 10

General

  • Target

    a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe

  • Size

    119KB

  • Sample

    230909-rx47lsbh52

  • MD5

    369204590ce91e77109e21a298753522

  • SHA1

    e981f0c86c42e9e8fcbc7dcff0e05c35887a3869

  • SHA256

    a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647

  • SHA512

    bf4367a692eb1f4c31533ee1391cfc1708c75bf726dd5287ac0fa2e602664fa3a74458ded18c1831db16f0462b202f79b10d0f82f3bcb98423a460002e04cf32

  • SSDEEP

    3072:P56Q4BB1q/hJcq4YZRKsySYSLLx9yLjj6TG6WVt9bm+EFyW43LORzMJS/3:Fha6BuQdwLKTGLt9bmhD4q1Mc

Malware Config

Targets

    • Target

      a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647exe_JC.exe

    • Size

      119KB

    • MD5

      369204590ce91e77109e21a298753522

    • SHA1

      e981f0c86c42e9e8fcbc7dcff0e05c35887a3869

    • SHA256

      a245b51ab711d20b944edca262659dba3a0ee6d1590c8f55a858ce82e2a1c647

    • SHA512

      bf4367a692eb1f4c31533ee1391cfc1708c75bf726dd5287ac0fa2e602664fa3a74458ded18c1831db16f0462b202f79b10d0f82f3bcb98423a460002e04cf32

    • SSDEEP

      3072:P56Q4BB1q/hJcq4YZRKsySYSLLx9yLjj6TG6WVt9bm+EFyW43LORzMJS/3:Fha6BuQdwLKTGLt9bmhD4q1Mc

    • Detect Gurcu Stealer V3 payload

    • Gurcu, WhiteSnake

      Gurcu is a malware stealer written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.