gurcu | 41e1ac9c4acfe3fbb09f212ef7f3534baa74413cf4830ad934a0ef435ddf1034

General

Target

41e1ac9c4acfe3fbb09f212ef7f3534baa74413cf4830ad934a0ef435ddf1034
Size

3.7MB
Sample

231114-xz3pfsge81
MD5

9b2f1f65ce3f58b4ce229409f39a8d2b
SHA1

5699542019f22d4f44ee2f8a63b5980b819ce72d
SHA256

41e1ac9c4acfe3fbb09f212ef7f3534baa74413cf4830ad934a0ef435ddf1034
SHA512

028f195e504c8da9150834438a3abc76c8a3d2a42cdec4e8c17e7e48aa0fae73470575f8eb3bff97c47b951f612f1533f06fd627c282df258ff34e543a94e2fa
SSDEEP

98304:TkMZ2Vi5bIn6tDdz2JLOsWynvvPUiXYT1/mxGlof6:TkMAA586tDdzALOs5vnUiXYguF

Score

10^/10

Malware Config

Extracted

Family

redline

C2

95.181.152.8:46927

Attributes

auth_value
cdf3919a262c0d6ba99116b375d7551c

Targets

- Target
  
  41e1ac9c4acfe3fbb09f212ef7f3534baa74413cf4830ad934a0ef435ddf1034
- Size
  
  3.7MB
- MD5
  
  9b2f1f65ce3f58b4ce229409f39a8d2b
- SHA1
  
  5699542019f22d4f44ee2f8a63b5980b819ce72d
- SHA256
  
  41e1ac9c4acfe3fbb09f212ef7f3534baa74413cf4830ad934a0ef435ddf1034
- SHA512
  
  028f195e504c8da9150834438a3abc76c8a3d2a42cdec4e8c17e7e48aa0fae73470575f8eb3bff97c47b951f612f1533f06fd627c282df258ff34e543a94e2fa
- SSDEEP
  
  98304:TkMZ2Vi5bIn6tDdz2JLOsWynvvPUiXYT1/mxGlof6:TkMAA586tDdzALOs5vnUiXYguF
Score

10^/10

gurcu redline infostealer stealer
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gurcu, WhiteSnake

RedLine

RedLine payload

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2