General

  • Target

    t536f0746f287ffe6c9131c.exe

  • Size

    386KB

  • Sample

    230914-gaadlscd59

  • MD5

    e4d3a1d9c41d306200aa39ee9f718474

  • SHA1

    7af7cd1865189d69c94fdb28d38b090d322fb134

  • SHA256

    7e2371898d8c9121075812f5b9a57de66e7a11ac686042ac6bf59c07b2ad51a2

  • SHA512

    6fa7a52bedf77f2ff42d4042a6d4381003e63b38038062b89b7a69395db1dd2a44ac449036f901dabf2d1aaffef0e463d7c347f5c360bb72d2cc3f932358d186

  • SSDEEP

    6144:+2G9h7IouE6yrJTe4nPF9bCGV0fAaxYt:+th7d68e4P+GV0fApt

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot6193093056:AAHzyNGUGS9aUG6CCx6ENLoXpCFLzEQywIQ/sendMessage?chat_id=1098292643
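The C2 above is a plain Telegram Bot API call: the path carries the bot token (numeric bot id, a colon, then the secret) and the query string carries the destination chat_id. The following is an added example, not code from the report or from the malware, showing how to break that URL into its pivotable parts, redact the live token before sharing the IOC, and run the same pattern over proxy logs. The C2 URL is the one extracted above; the log lines are constructed for illustration and are not from the sandbox run.

```python
# Added example (not part of the sandbox report): parse the Telegram Bot API
# C2 URL from the extracted config and scan constructed proxy log lines for
# the same exfiltration pattern.
import re
from urllib.parse import urlparse, parse_qs

# C2 exactly as listed in the report's Malware Config section.
REPORT_C2 = ("https://api.telegram.org/bot6193093056:"
             "AAHzyNGUGS9aUG6CCx6ENLoXpCFLzEQywIQ/sendMessage?chat_id=1098292643")

# Bot API paths look like /bot<numeric bot id>:<secret>/<method>.
BOT_PATH_RE = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]{30,})/(?P<method>[A-Za-z]+)$")

# Methods a stealer uses to push loot; getUpdates and friends are not exfil.
EXFIL_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}


def parse_telegram_c2(url):
    """Return bot_id, full token, API method and chat_id for a Bot API URL, else None."""
    u = urlparse(url)
    if u.scheme != "https" or u.hostname != "api.telegram.org":
        return None
    m = BOT_PATH_RE.match(u.path)
    if m is None:
        return None
    chat_id = parse_qs(u.query).get("chat_id", [None])[0]
    return {
        "bot_id": int(m["bot_id"]),
        "token": f"{m['bot_id']}:{m['secret']}",
        "method": m["method"],
        "chat_id": chat_id,
    }


def redact_token(url):
    """Blank the secret half of the token so the IOC can be shared without the live credential."""
    return re.sub(r"(/bot\d+:)[A-Za-z0-9_-]+", r"\1<redacted>", url)


# Constructed proxy log (not from the report): "<src_ip> <process> <verb> <url>".
SAMPLE_LOG = """\
10.0.0.5 t536f0746f287ffe6c9131c.exe POST https://api.telegram.org/bot6193093056:AAHzyNGUGS9aUG6CCx6ENLoXpCFLzEQywIQ/sendDocument
10.0.0.5 t536f0746f287ffe6c9131c.exe GET https://api.ipify.org/
10.0.0.7 chrome.exe GET https://web.telegram.org/
10.0.0.9 Telegram.exe POST https://api.telegram.org/bot123456:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/getUpdates
"""


def find_telegram_exfil(log_text, known_bot_ids=()):
    """Return (src_ip, process, severity, bot_id) for each Bot API exfil call in the log.

    A bot id already tied to a known sample is rated high; any other
    sendMessage/sendDocument/sendPhoto call is medium and worth a look.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, proc, _verb, url = parts
        info = parse_telegram_c2(url)
        if info is None or info["method"] not in EXFIL_METHODS:
            continue
        severity = "high" if info["bot_id"] in known_bot_ids else "medium"
        hits.append((src, proc, severity, info["bot_id"]))
    return hits


if __name__ == "__main__":
    print(parse_telegram_c2(REPORT_C2))
    print(redact_token(REPORT_C2))
    for hit in find_telegram_exfil(SAMPLE_LOG, known_bot_ids=(6193093056,)):
        print(hit)
```

Pivot on the numeric bot id rather than the full token: the operator can rotate the secret, but the bot id stays with the bot and tends to recur across samples from the same campaign. The ipify line in the constructed log corresponds to the "Looks up external IP address via web service" signature further down and is correctly ignored by the Telegram check.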

Targets

    • Target

      t536f0746f287ffe6c9131c.exe

    • Size

      386KB

    • MD5

      e4d3a1d9c41d306200aa39ee9f718474

    • SHA1

      7af7cd1865189d69c94fdb28d38b090d322fb134

    • SHA256

      7e2371898d8c9121075812f5b9a57de66e7a11ac686042ac6bf59c07b2ad51a2

    • SHA512

      6fa7a52bedf77f2ff42d4042a6d4381003e63b38038062b89b7a69395db1dd2a44ac449036f901dabf2d1aaffef0e463d7c347f5c360bb72d2cc3f932358d186

    • SSDEEP

      6144:+2G9h7IouE6yrJTe4nPF9bCGV0fAaxYt:+th7d68e4P+GV0fApt

    • Gurcu, WhiteSnake

      Gurcu (also tracked as WhiteSnake) is an information stealer written in C#; this sample reports to the Telegram Bot API C2 listed in the extracted config.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution by region.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Queries a legitimate public IP lookup service to learn the infected system's external IP address.

MITRE ATT&CK Enterprise v15