gurcu | 36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755

General

Target

file.exe
Size

5.6MB
Sample

241202-1e3eqstpb1
MD5

260373b0281173d7a116e4a54e361425
SHA1

38a2a60736c19436b2eaf783b9ae92838cc750c8
SHA256

36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755
SHA512

98cc8704e6e2597c3776408adcd9ce52a09ae64f43dd310b750bfaf4f6a558b0e3f042ccdd6be863a4ec6df4d63092a4390cd186fbb28dd423e27653cc71182d
SSDEEP

98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE

Score

10^/10

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot8121067342:AAFL-KN4aKsB4OBMVYX2uU3_ad7ylEISJbY/sendDocument?chat_id=7781867830&caption=%F0%9F%92%A0DOTSTEALER%F0%9F%92%A0%0A%F0%9F%92%ABNew%20log:%0AIP:%20181.215.176.83%0AUsername:%20Admin%0ALocation:%20United%20Kingdom%20[GB],%20London,%20Englan

Targets

- Target
  
  file.exe
- Size
  
  5.6MB
- MD5
  
  260373b0281173d7a116e4a54e361425
- SHA1
  
  38a2a60736c19436b2eaf783b9ae92838cc750c8
- SHA256
  
  36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755
- SHA512
  
  98cc8704e6e2597c3776408adcd9ce52a09ae64f43dd310b750bfaf4f6a558b0e3f042ccdd6be863a4ec6df4d63092a4390cd186fbb28dd423e27653cc71182d
- SSDEEP
  
  98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE
Score

10^/10

discovery spyware stealer gurcu
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2