gurcu | e93f10882182b48960ecb9fbb0f0a5d57fb6359fbfe11b45f105c0f1fdbe9285 | Triage

Sharing

General

Target

e93f10882182b48960ecb9fbb0f0a5d57fb6359fbfe11b45f105c0f1fdbe9285
Size

164KB
Sample

241110-kxztkatdmk
MD5

e01681f68027346f1a97a8e35a2646d2
SHA1

cb5c7ee3b4255076fb9306fef3e44da8ed4950c7
SHA256

e93f10882182b48960ecb9fbb0f0a5d57fb6359fbfe11b45f105c0f1fdbe9285
SHA512

8512c4b1bec429596acfe0dca58ef322bec1d3052ea972a579919901175bb0866a3ab7a06588947ab9f533c3f593a441efd8c14a52d9e7a2cb4414d7f7d12246
SSDEEP

3072:sGjDrdaK0WLNb2ZvUYxCsMGywbr5vqYp4A6OPYs2cmDJynlxIiCl:sMDrMGNvYZBR9Ptlqnl

Score

10^/10

gurcu redline discovery infostealer stealer

Malware Config

Extracted

Family

redline

C2

146.59.255.27:63731

Attributes

auth_value
ee8187fd574be73a935e073f8b5705eb

Targets

- Target
  
  axieBot v2.2/Axie Loader v2.2.exe
- Size
  
  368KB
- MD5
  
  f433ddc7d9623cbf329477edd5504f91
- SHA1
  
  f845f49c0e5970d2815e58bd40992cf60ae38d34
- SHA256
  
  ea1187a2c2ce3dfc2d99780650eeeb7498de8a57781dbadc8c60a25b2ce6b447
- SHA512
  
  69e4349dc17fb9107320e37cf7794f893549db8bc150fc3ca585e419e93b418dd4ac8c03f28f0de426629a98dba6ec359343d870697085a1d52abc2eca5198dc
- SSDEEP
  
  3072:sLOoVyQ3OqRRcxjtQcG/ocaHpsHJGLqpnyqbG9Zn+SzGlEeB0VTTm3DnoWueApAI:sLeQKd0xUpOJGLkyu8ZbKeMiEDOOjrQ
Score

10^/10

gurcu redline discovery infostealer stealer
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  axieBot v2.2/Installer v2.2.dll
- Size
  
  66KB
- MD5
  
  8a2c55ed8659dd8c04926843222ff292
- SHA1
  
  601724394bb8f05da6769995e0dceee9ce9ff5aa
- SHA256
  
  ffbb53f6a499c9af8e20926409f943d6577827163968dfdf31a8856c506f4c24
- SHA512
  
  c8aacdd6fad8852d3f60da759108bb0ed7c854982c4faf66d9c7f6ce8872f772954dae1ceb00615ac9b3ed356d092c4f9ed41a4741b30d474c5bc3266e4452c8
- SSDEEP
  
  1536:RSZekficb1PbU7vDlSZekficb1PbU7vDT:RSAvDlSAvDT
Score

1^/10
behavioral3 behavioral4
- Target
  
  axieBot v2.2/netlog.dll
- Size
  
  233KB
- MD5
  
  f0eb9e95d8910f487a13121051d3982b
- SHA1
  
  ea2dd69ac9af08738c140d0a41147e6d74c03608
- SHA256
  
  952610ba1c406f9a5cc217bc7fe3516be50ae501fdddd93690559ae29dc36c6a
- SHA512
  
  c05283581f4474c00860668b09b4c46343505210f66604a9513db2942efdef4a1e8324dcc73a1e4d2c897ff7503e6ff85765a7759955f812702a61b39885137f
- SSDEEP
  
  3072:RSAvDlSAvDlSAvDlSAvDlSAvDlSAvDlSAvDT:8PPPPPPQ
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcuredlinediscoveryinfostealerstealer

behavioral2

gurcuredlinediscoveryinfostealerstealer

behavioral3

behavioral4

behavioral5

behavioral6