gurcu | 9af4745791bd83995fae037765cf51f7ce8cbdb892a449b646ebe17c3e0b1f9e | Triage

Submit
Reports

Overview

overview

Static

static

3

FigFlix-2.0.exe

windows7-x64

FigFlix-2.0.exe

windows10-2004-x64

Sharing

General

Target

FigFlix-2.0.exe
Size

14.4MB
Sample

231004-hy9daabg48
MD5

905daa95f1f93ae9e0350aa3302e515f
SHA1

4193c75c4758d5f8d68692ec6a39c1c4c51f559e
SHA256

9af4745791bd83995fae037765cf51f7ce8cbdb892a449b646ebe17c3e0b1f9e
SHA512

c03bc4abc9f0f43bcef11bab07e25220b8edc9d6da4a8061fb11878828c6a492805d6a49f7cff9160d76bd7aa5862847665abce55e3646dfa9e372e9875e9f21
SSDEEP

393216:iirY2ZBkJQldpQB6HG6jz3+EuPdTBdkhLMw9:iD0BU0dpQB6HG6jz38Hbw

Score

10^/10

gurcu collection discovery pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

FigFlix-2.0.exe

Resource

win7-20230831-en

gurcu collection discovery spyware stealer

windows7-x64

20 signatures

120 seconds

Behavioral task

behavioral2

Sample

FigFlix-2.0.exe

Resource

win10v2004-20230915-en

gurcu collection discovery spyware stealer

windows10-2004-x64

20 signatures

120 seconds

Malware Config

Targets

- Target
  
  FigFlix-2.0.exe
- Size
  
  14.4MB
- MD5
  
  905daa95f1f93ae9e0350aa3302e515f
- SHA1
  
  4193c75c4758d5f8d68692ec6a39c1c4c51f559e
- SHA256
  
  9af4745791bd83995fae037765cf51f7ce8cbdb892a449b646ebe17c3e0b1f9e
- SHA512
  
  c03bc4abc9f0f43bcef11bab07e25220b8edc9d6da4a8061fb11878828c6a492805d6a49f7cff9160d76bd7aa5862847665abce55e3646dfa9e372e9875e9f21
- SSDEEP
  
  393216:iirY2ZBkJQldpQB6HG6jz3+EuPdTBdkhLMw9:iD0BU0dpQB6HG6jz38Hbw
Score

10^/10

gurcu collection discovery spyware stealer
- Detect Gurcu Stealer V3 payload
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcucollectiondiscoveryspywarestealer

behavioral2

gurcucollectiondiscoveryspywarestealer

© 2018-2024

Terms | Privacy