General
-
Target
sdd4f38eb14d22bb3b0d3b9178295b1142f83.exe
-
Size
86KB
-
Sample
231014-evp9fsab52
-
MD5
a41d137b1da1e5de04a24113ba43505b
-
SHA1
219c8e9a59d6fc35ebe0a2ac6b21ffb37c2b797b
-
SHA256
c1cae9e0a93114e0c9ce011279c41cf0f56d59edcaa4e2ea3c3066a2c0bb76ac
-
SHA512
1debdfd053e7ab3f0b6354aaf724ee7141d0d274e31f993109a775afc51ac2cacbc8a7e6f0c52d903bb62f8c7813986367181814bf4c06fb9bef724d23c32164
-
SSDEEP
1536:TJNK4uC4/P1xE6+lYxyWoekN4B2Wul/WqgOu8ntw0NdC55i9bMSv4M6/TCuuYhow:rKH/HE6+lYxyWoekN4B2Wufntw0Nt9b0
Malware Config
Targets
-
-
Target
sdd4f38eb14d22bb3b0d3b9178295b1142f83.exe
-
Size
86KB
-
MD5
a41d137b1da1e5de04a24113ba43505b
-
SHA1
219c8e9a59d6fc35ebe0a2ac6b21ffb37c2b797b
-
SHA256
c1cae9e0a93114e0c9ce011279c41cf0f56d59edcaa4e2ea3c3066a2c0bb76ac
-
SHA512
1debdfd053e7ab3f0b6354aaf724ee7141d0d274e31f993109a775afc51ac2cacbc8a7e6f0c52d903bb62f8c7813986367181814bf4c06fb9bef724d23c32164
-
SSDEEP
1536:TJNK4uC4/P1xE6+lYxyWoekN4B2Wul/WqgOu8ntw0NdC55i9bMSv4M6/TCuuYhow:rKH/HE6+lYxyWoekN4B2Wufntw0Nt9b0
Score10/10-
Detect Gurcu Stealer V3 payload
-
Gurcu, WhiteSnake
Gurcu is a malware stealer written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-