gurcu | 69a4d194bc1a75ae05c27ed8cfb2437973f5a1622876bbbd7fbfa96f56002cf3

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 10:20

Target

rust-dotnet-crypter.exe
Size

643KB
MD5

6511ada00acf160609aaf819867c23bb
SHA1

53ce743b2994e021347fab16fc883f3bd0da8195
SHA256

69a4d194bc1a75ae05c27ed8cfb2437973f5a1622876bbbd7fbfa96f56002cf3
SHA512

f8632f13160b8de787089661dd1c0718e5ee8f000b0806f7cfa7a67908b671794deec1a960ee57bba3f800db1a508b6da2ae47d859be8a633bec90bad80ed61e
SSDEEP

12288:DLhXfP81XAo6iqr7QtwjupqUTzOhVmqKsU8Pas5nz0E0PIjPG:DLhvP81QhiLMupqUwvrUmpz0tPl

Score

10^/10

gurcu stealer

Detect Gurcu Stealer V3 payload 1 IoCs

resource	yara_rule
behavioral1/memory/4976-0-0x000001661EB30000-0x000001661EB88000-memory.dmp	family_gurcu_v3

C:\Users\Admin\AppData\Local\Temp\rust-dotnet-crypter.exe
"C:\Users\Admin\AppData\Local\Temp\rust-dotnet-crypter.exe"
1⤵
PID:4976

memory/4976-0-0x000001661EB30000-0x000001661EB88000-memory.dmp

Filesize
352KB

Download
memory/4976-1-0x00007FF94B120000-0x00007FF94BBE1000-memory.dmp

Filesize
10.8MB

Download
memory/4976-2-0x00000166375D0000-0x00000166375E0000-memory.dmp

Filesize
64KB

Download
memory/4976-4-0x00000166375D0000-0x00000166375E0000-memory.dmp

Filesize
64KB

Download
memory/4976-3-0x00000166375D0000-0x00000166375E0000-memory.dmp

Filesize
64KB

Download
memory/4976-5-0x00000166375D0000-0x00000166375E0000-memory.dmp

Filesize
64KB

Download
memory/4976-6-0x00000166375D0000-0x00000166375E0000-memory.dmp

Filesize
64KB

Download