General
-
Target
WhiteSnakeStealer Samples.zip
-
Size
1.9MB
-
Sample
231108-awrfpaag9v
-
MD5
b84161be3f02d186ecfe9244e7a70bd8
-
SHA1
641b1ab70ade703861d276f1f2b7abfa16467b54
-
SHA256
c1cf5b9e51a15716cdc658c0661f5c7a2cfceb7d44c7c9f426e214708c25a02f
-
SHA512
0acff233404d561cd821d7b2d98931e1fde9ff0cd0ede7658c99533afebceaadc2de0c86b134df25b3164912afe2a537d481a8b08c9886182aaaccf303d2aaad
-
SSDEEP
49152:7a96PSZtaE65brUelvnliI22cIk3pZAtajbNKlQ7+Y+QoWnl:7a96PSXaE69UeblTk3bAajxYk+Y+Q3l
Malware Config
Targets
-
Detect Gurcu Stealer V3 payload
-
Detect ZGRat V1
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses Microsoft Outlook profiles
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-