gurcu | 1479a6a608f751577c1b87438adeaf13211690dc1e8931715d5a3cab0572e316 | Triage

Submit
Reports

Overview

overview

Static

static

redline.exe

windows7-x64

Sharing

General

Target

redline
Size

631KB
Sample

231004-nghrwsda99
MD5

2345c226577de700a9158518531baf1d
SHA1

7fbb1b7cfe5705c22b63b0867b4e9ea742c3d0b7
SHA256

1479a6a608f751577c1b87438adeaf13211690dc1e8931715d5a3cab0572e316
SHA512

539197f0808eb33fffe426aa718891cf4be05d23aab208b49b97b5ba03e31d1602c1febcb1a66961336b893bae48a384ec51f1c762803ca23456c0bf97e786a0
SSDEEP

12288:Dd9VHRFi5j/7YsGp9Tk4nKZUGT4p5gTbARgDBL:5RLT2ypUcsBL

Score

10^/10

gurcu redline infostealer stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

redline.exe

Resource

win7-20230831-en

gurcu redline infostealer stealer

windows7-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

54.38.9.216:9487

Attributes

auth_value
9bde7608ef33d6cbd8c01687cdd53196

Targets

- Target
  
  redline
- Size
  
  631KB
- MD5
  
  2345c226577de700a9158518531baf1d
- SHA1
  
  7fbb1b7cfe5705c22b63b0867b4e9ea742c3d0b7
- SHA256
  
  1479a6a608f751577c1b87438adeaf13211690dc1e8931715d5a3cab0572e316
- SHA512
  
  539197f0808eb33fffe426aa718891cf4be05d23aab208b49b97b5ba03e31d1602c1febcb1a66961336b893bae48a384ec51f1c762803ca23456c0bf97e786a0
- SSDEEP
  
  12288:Dd9VHRFi5j/7YsGp9Tk4nKZUGT4p5gTbARgDBL:5RLT2ypUcsBL
Score

10^/10

gurcu redline infostealer stealer
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcuredlineinfostealerstealer

© 2018-2024

Terms | Privacy