gurcu | a17d0759547b0ea0584e773e1acddbb39a7b093702e10c83dd8bd7a52b0f2a50

General

Target

260373b0281173d7a116e4a54e361425.bin
Size

4.1MB
Sample

241204-bhsx2ayqhr
MD5

528c3e4064b0fe6682b91473cde2ba55
SHA1

48d88fcdeac2f1cb0196f77e0fc6e36d85a4e702
SHA256

a17d0759547b0ea0584e773e1acddbb39a7b093702e10c83dd8bd7a52b0f2a50
SHA512

e98a07d09adcc46c128e57f4a1558df04ca3b4a9f9d457b316404ded8e11dbfc77b07ed097c335d0b6eeb8f08fef04ff339751dace859d18ee440796ab75bb2f
SSDEEP

98304:pRArF0+pxlYnRx+4E3rTfCh6BH7AlYXffm2minuP/CUqm82xAIj7wD:pRue2xlYnD+4m9ZMqXfLmis/C3F2xAOI

Score

10^/10

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot8121067342:AAFL-KN4aKsB4OBMVYX2uU3_ad7ylEISJbY/sendDocument?chat_id=7781867830&caption=%F0%9F%92%A0DOTSTEALER%F0%9F%92%A0%0A%F0%9F%92%ABNew%20log:%0AIP:%20181.215.176.83%0AUsername:%20Admin%0ALocation:%20United%20Kingdom%20[GB],%20London,%20Englan

Targets

- Target
  
  36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755.exe
- Size
  
  5.6MB
- MD5
  
  260373b0281173d7a116e4a54e361425
- SHA1
  
  38a2a60736c19436b2eaf783b9ae92838cc750c8
- SHA256
  
  36badaade40faa02d430c40eafd4a6bad3d0c3289c9435ddcf4930301f029755
- SHA512
  
  98cc8704e6e2597c3776408adcd9ce52a09ae64f43dd310b750bfaf4f6a558b0e3f042ccdd6be863a4ec6df4d63092a4390cd186fbb28dd423e27653cc71182d
- SSDEEP
  
  98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE
Score

10^/10

discovery spyware stealer gurcu
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2