Extracted

• • Target

    mainmenu not FUD.exe

  • Size

    16.2MB

  • MD5

    72e3eb7e641fd4c32335ed5201683d9a

  • SHA1

    f63651ae7a673b5b459796aebaf5b7f0c76c0687

  • SHA256

    a495b85839d5632aab568ff0a41aeeceb0c949bffe99980d097a28027c454fdc

  • SHA512

    d4428cd7224ac5382cd7c9761230905ea027126a4717fcd58e646721029c2c327ed7580d0d1b2ac16c444db3d40969a4ec718694960e24e2229113c45a978e8d

  • SSDEEP

    393216:z1Mn5D38U+pzCq+hqavItKM+0myAZGwCH+DKp3n:z1M5DD+pzz4DAt+yq5CkM

  Score

  10^/10

  gurcumilleniumratdiscoverypersistencepyinstallerratspywarestealer

  • Gurcu family

    gurcu

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu

  • MilleniumRat

    MilleniumRat is a remote access trojan written in C#.

    ratstealermilleniumrat

  • Milleniumrat family

    milleniumrat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates processes with tasklist

    discovery
  behavioral1behavioral2