gurcu | hxxps://github[.]com/inheritedeu/XWorm-RAT/tree/main/XWorm%20RAT%20V2[.]1 | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com/i...

windows10-2004-x64

Sharing

General

Target

https://github.com/inheritedeu/XWorm-RAT/tree/main/XWorm%20RAT%20V2.1
Sample

240628-q8aayashne

Score

10^/10

gurcu toxiceye rat stealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com/inheritedeu/XWorm-RAT/tree/main/XWorm%20RAT%20V2.1

Resource

win10v2004-20240508-en

gurcu toxiceye rat stealer trojan

windows10-2004-x64

18 signatures

300 seconds

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Extracted

Family

gurcu

C2

https://api.telegram.org/bot5536756167:AAFMcQrFbMZMBynbrtZUudaOT9ndCJXIqT4/sendMessage?chat_id=2024893777

Targets

- Target
  
  https://github.com/inheritedeu/XWorm-RAT/tree/main/XWorm%20RAT%20V2.1
Score

10^/10

gurcu toxiceye rat stealer trojan
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

gurcutoxiceyeratstealertrojan

© 2018-2024

Terms | Privacy