gurcu | 645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65

Sharing

Copy URL

Twitter E-mail

General

Target

Autorisoft.zip
Size

17.9MB
Sample

240719-npr1jascqa
MD5

5b879f39e57139ab17300879afa61554
SHA1

a18eab8e257c611f72ea92833584fff0ffaea1f2
SHA256

645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65
SHA512

54814430828c204a8b606c000e2efc1fb2586f41c322ebae44d9eba4d297db473d37b520fac02c1bf88407a8a9138a3e7de502e27e32745cd4c96d54c9994ac0
SSDEEP

393216:ZE8wps0kxrkXICtuuL8qgk/H0uxE14p4RToEXkk6hFFh:m2BxoXI6gk/H0u/p4nXkke5

Score

10^/10

Malware Config

Extracted

Family

redline

65.108.29.210:21638

Attributes

auth_value
ad39d6a8ea7823f2a92f57ebaa4c98a5

Targets

- Target
  
  Autorisoft.zip
- Size
  
  17.9MB
- MD5
  
  5b879f39e57139ab17300879afa61554
- SHA1
  
  a18eab8e257c611f72ea92833584fff0ffaea1f2
- SHA256
  
  645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65
- SHA512
  
  54814430828c204a8b606c000e2efc1fb2586f41c322ebae44d9eba4d297db473d37b520fac02c1bf88407a8a9138a3e7de502e27e32745cd4c96d54c9994ac0
- SSDEEP
  
  393216:ZE8wps0kxrkXICtuuL8qgk/H0uxE14p4RToEXkk6hFFh:m2BxoXI6gk/H0u/p4nXkke5
Score

1^/10
behavioral1 behavioral2
- Target
  
  Start.exe
- Size
  
  301KB
- MD5
  
  9a0e31ffbe7ecc3a2a6f968b2a8d5567
- SHA1
  
  e88e76fe96616649d2558923afe457ce3b1976ec
- SHA256
  
  b371eae7b55688d307b653759c2d4ddfe3672eb7b5567bcfa9c3f75f5c6d6255
- SHA512
  
  db64b27997e5305473572ee8a60573032e51fbfbdc48670d9adef8ba23c81e8845d073383299c94f87a0100c74ca0e6968b9f468fc46e31e221a71ad69a32749
- SSDEEP
  
  6144:S1eFfHQTBVVzJxmKg/R3xNJyZsMoONeL1Ip4w3qm:gPBV9JxmKE7JfVONUGqm
Score

10^/10

gurcu redline infostealer stealer
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  gui.lua
- Size
  
  15KB
- MD5
  
  3fbaf076d7134a8aee08b42125cdef51
- SHA1
  
  54a9d8bdda809ec0b40e574f1ebed8e39b0f166a
- SHA256
  
  1cefe4067f5dfa55873072a76b5b766f19115550cd405b6eee9d222d9bd5436d
- SHA512
  
  649e252af9f88d72827907bfce085e28d5309b7d9cade27fd652cb4ecf5645f040842c4b9f13f4239bf8b5f4ceaa219c3f8ef4aa5dcd92a6c44cd9948580875b
- SSDEEP
  
  192:QC8HPhbdPHR/LvS5ZiLRRi6tAExVWkHbWRRQxQIXjWYUNPJodWtHS8HT:QVRxRjv/mCxJdzzIZ
Score

3^/10
behavioral5 behavioral6
- Target
  
  internal/extensions/CMemoryBlock.lua
- Size
  
  141B
- MD5
  
  5061c2e693ba5c470b76fd4b2ce7be24
- SHA1
  
  ec721428eea0d08bf501cc428cea046e3774152e
- SHA256
  
  400bc118e420ab428675226e08a2cba5e0bd4121834168a5fb9b8004502ae3f0
- SHA512
  
  c0168746854c5ddc3496dd9a2b5ac97b62d0eec2fc6a4c7fa8ef0676b08f753525bceefdd0ac9040f1105c83544b583ef47ff0ab1bbed09d0b054122087d3c91
Score

3^/10
behavioral7 behavioral8
- Target
  
  internal/extensions/CNativeReg.lua
- Size
  
  3KB
- MD5
  
  6b75b1d3f480dcf226ebacff62d35165
- SHA1
  
  b170d5079a507e9f9fd918ba993498cecb5b69b8
- SHA256
  
  20298293eaf7060ea4cf99a5b2e790471431166fe618b1032719b01d5d00adc5
- SHA512
  
  4a0ebd56072f0415f79b79c1ccad3b1acf334a9e8e07e671b27297a9eb6dda1ae34e7c44dc98029f4e8da8e43fe33fcf560fc098d2267312182576f7461e871d
Score

3^/10
behavioral10 behavioral9
- Target
  
  internal/extensions/CScriptThread.lua
- Size
  
  2KB
- MD5
  
  140fa886857b0ae6e7caf21019d55bd7
- SHA1
  
  8b0fd588739dd2c8321f59f2c125a7478e304357
- SHA256
  
  d9721aab78d7afa65ed289ae619ab06c6ca86f1bd1e30bd6f16bccbc5369518d
- SHA512
  
  0b88422b08c0f62adad6fc1ec955358ad18e71fd13095a9641ac0037d827af124fb4a64c9e9515d8b6a72f1dabc924d5b52b5c52fac06c06d1c68f2b42c17667
Score

3^/10
behavioral11 behavioral12
- Target
  
  internal/extensions/CScriptThread_EventHandlers.lua
- Size
  
  2KB
- MD5
  
  1e4b4833d2b1f669c19adba54710adc7
- SHA1
  
  5337039b5b89b9d587f3edd574d4763c9cc7fb99
- SHA256
  
  fa1c4d1944b33c32f9155ea2512c397fb360b7fef6b90cd24e8ca1101d1d8a7d
- SHA512
  
  a9fa97af54d7c64f7c19752571398a5bf8d61cc72195534f38b9032c6e9beee2b253146c84346b2907500f864f5aee61a4d132ca18ce1907c5c873655a69ae8f
Score

3^/10
behavioral13 behavioral14
- Target
  
  internal/extensions/CScriptThread_Timers.lua
- Size
  
  1KB
- MD5
  
  9e26a3f52653a2bc26376665de16460a
- SHA1
  
  819f322e928a3e969a7e1e2cc92b4c774119587a
- SHA256
  
  89b849bd208de27791887738d84a2c20f1e6be9acb5b5973459e097fa6c2e26a
- SHA512
  
  421df6874e7d5931288818687332b4eaa388560956238edb6e127f8033705dc97ac2de18487e0c2fefba264021f1dbec31c588984dd71275ac814eec687bce7b
Score

3^/10
behavioral15 behavioral16
- Target
  
  internal/extensions/Vector.lua
- Size
  
  576B
- MD5
  
  7e3a9e43cbcc2f696d3fe5e98c25bd40
- SHA1
  
  b8bb6f8641b2ca5bddf80093bdaa29aa1f17806c
- SHA256
  
  32eb9be018ee9e6acc74b70a6658daa1517590c6d9a67bf42d1ea1b1226271fe
- SHA512
  
  06e7c53a14fe1b5ea7b00deb33f2370738722933bcf034c6722dc62f0008212ef8cfb3cfc7cfe8e5f7d04b324d7de2b4fe0767b87366133e278f8fdd1e8e952c
Score

3^/10
behavioral17 behavioral18
- Target
  
  internal/extensions/keycodes.lua
- Size
  
  2KB
- MD5
  
  35bec02284cc87dc505d48987f115d09
- SHA1
  
  22c571a9e4ea449a59612042ed63434b57157159
- SHA256
  
  feef07106680ddb04400c161e42999e2dc183304a5edaf36dd934d61c24e16b1
- SHA512
  
  b19c460fb0d5074f25f1a3e8d1f48d7f5823a34bb3cad34bebf5141f4c2b585087c3ccc7e2383bf01998f907f7957efe2f6ecb93b5beaef8f9002fe0b6ec50ca
Score

3^/10
behavioral19 behavioral20
- Target
  
  internal/extensions/vehicles.lua
- Size
  
  13KB
- MD5
  
  f4af2d671434c49b996e782557d5910b
- SHA1
  
  ed487d8e687b38e771483429984bf0e93d98c44b
- SHA256
  
  33aceffacff3af61fe5743c9debd7968e352a2cda0d522d4dca7c68a8e17974c
- SHA512
  
  38691c3c84cdc4a87f3deda94b9bb4fad1d8137cc26b8f631c0a7b8daf2649e7af284efccee208c0f6e129eaf26ce45e477f372f4c6c8823bb5a38b1e60fc6af
- SSDEEP
  
  192:L6+1F3MKGh8gLQyNK7axlrAnwHOCG29OadTdLx0HMmdQu8PMISQ3bNV8C366:r28gcyIhndQu8ko3bNV8C3N
Score

3^/10
behavioral21 behavioral22
- Target
  
  internal/game/AI.lua
- Size
  
  1KB
- MD5
  
  41e9918bf7c6e12a5b74d4c434b6483f
- SHA1
  
  fea13f9221143521b5e78300e056f33587376e7b
- SHA256
  
  ea9c8d9600b9caf89e41a79179c29f4757caa12346f49b2b498ad37a1c13f4e2
- SHA512
  
  5ee3901b2d00337e904ae95377cc978738239d4ec549fbdca351e4e6d41a2228359bacb857e05f83c86168bede1c3fd57731b28e0fd26e6ba410da79ab54d67c
Score

3^/10
behavioral23 behavioral24
- Target
  
  internal/game/Blip.lua
- Size
  
  4KB
- MD5
  
  2584beaaf6f7fe130173859ad9084f70
- SHA1
  
  9e56047a3eedc8ed091705dffc1730569c13d1be
- SHA256
  
  9462b7494aa4ff6ed75e233c3d0f2cb917ac9424242fee7f5ba4cdc9c7727668
- SHA512
  
  2ee78a07047de92b3fda31b1c37e606f86cf3ece82d998efa399a7018be8a280369050512dca9b6eab2ce36859ae332c22f17278c226628004675857acc4a503
- SSDEEP
  
  96:I+FdpvfKn5sAt8bV1m171t5gA9cOzpGmSWuSYgj2AYzA9D3heuqxyaEQwMB19BN:EpIWTo
Score

3^/10
behavioral25 behavioral26
- Target
  
  internal/game/Entity.lua
- Size
  
  4KB
- MD5
  
  06bdd4eb79303b245bed52d357a26592
- SHA1
  
  46c70e677259a87dea385552122e981f760b5537
- SHA256
  
  24aacf0e6d8f04ab81422bd5dc26f23a0a23bb568b3e63817461aef5a4eaf0ca
- SHA512
  
  0b0c1b2557959876005fabaad4c184d77e1aee5fbb3f19a6ebf378410b42c7fdc9794e322e3199fede91bc3cb15647a0eee8d022fb8c67a683eaee9175e24526
- SSDEEP
  
  48:V+bz1bnXscHPm+hhrJhWjIIrxN7ovkvwj6G76WNIxUdimjkLKjTHY5CRca28eRfx:Vczj5+jbSv9LTtSS2so55OKV1
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  internal/game/Object.lua
- Size
  
  95B
- MD5
  
  b91ef87c27f50a0027b7e1c82be520bb
- SHA1
  
  d01c21a6fab3ad8239970255867e40369dacde72
- SHA256
  
  a77f0b448eafd9fea35835629e4480b911bda3faa402a996d813db13867e512b
- SHA512
  
  514df7a7101529b035b876c519a27619349f8575f0c58e5eba357b10bb8058f9e105fa7ea97ff6f5aa5a3fa064699908099cbd6f8aa9903c740c12779b430a50
Score

3^/10
behavioral29 behavioral30
- Target
  
  internal/game/Ped.lua
- Size
  
  3KB
- MD5
  
  5c6c7835bd200461fd5c22b947278c63
- SHA1
  
  75d8cfd0b0a2278f1f821c97ea7e07a5e75095c4
- SHA256
  
  91e8479efd50675e99f568a0f835383166aed7b146890e72029de7dff54d4ae8
- SHA512
  
  207b3d26e54c0c0f02377e5324cdf089133f69a8f401287ac998e860f874e98f441ea99bad7d0d4a8c239d17812f9c1f3713ca19c9af2f074ddd1260b3934eaa
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Gurcu, WhiteSnake

RedLine

RedLine payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32