Overview

overview

10

Static

static

3

FigFlix-2.0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FigFlix-2.0.exe

  • Size

    14.4MB

  • Sample

    231004-hx2xtabf95

  • MD5

    905daa95f1f93ae9e0350aa3302e515f

  • SHA1

    4193c75c4758d5f8d68692ec6a39c1c4c51f559e

  • SHA256

    9af4745791bd83995fae037765cf51f7ce8cbdb892a449b646ebe17c3e0b1f9e

  • SHA512

    c03bc4abc9f0f43bcef11bab07e25220b8edc9d6da4a8061fb11878828c6a492805d6a49f7cff9160d76bd7aa5862847665abce55e3646dfa9e372e9875e9f21

  • SSDEEP

    393216:iirY2ZBkJQldpQB6HG6jz3+EuPdTBdkhLMw9:iD0BU0dpQB6HG6jz38Hbw

Score
10/10
gurcucollectionpyinstallerspywarestealer

Malware Config

Targets

    • Target

      FigFlix-2.0.exe

    • Size

      14.4MB

    • MD5

      905daa95f1f93ae9e0350aa3302e515f

    • SHA1

      4193c75c4758d5f8d68692ec6a39c1c4c51f559e

    • SHA256

      9af4745791bd83995fae037765cf51f7ce8cbdb892a449b646ebe17c3e0b1f9e

    • SHA512

      c03bc4abc9f0f43bcef11bab07e25220b8edc9d6da4a8061fb11878828c6a492805d6a49f7cff9160d76bd7aa5862847665abce55e3646dfa9e372e9875e9f21

    • SSDEEP

      393216:iirY2ZBkJQldpQB6HG6jz3+EuPdTBdkhLMw9:iD0BU0dpQB6HG6jz38Hbw

    Score
    10/10
    gurcucollectionspywarestealer

    • Detect Gurcu Stealer V3 payload

    • Gurcu, WhiteSnake

      Gurcu is a malware stealer written in C#.

      stealergurcu

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks