gurcu | 2571a03d8d476c2e0eea7edfb0928706c8499ef590d24db9a3f5757bec795fe0

General

Target

file.exe
Size

5.6MB
Sample

241204-ky3xlswkdr
MD5

50a6880b7a2cfb41d50b9fa34438b8fa
SHA1

c3c557e2a34e6ad0c7fc8b06591d0086a28a8051
SHA256

2571a03d8d476c2e0eea7edfb0928706c8499ef590d24db9a3f5757bec795fe0
SHA512

1f0a8de3b190a658aed5b7f7a6817ba5e99246b1ea988aa7ede16723d7e32003b5cd7bf9513c4c2ff0e1a621bbf62c5e10c403eb48e4c285d9821ac0a7fe7d8a
SSDEEP

98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE

Score

10^/10

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot8121067342:AAFL-KN4aKsB4OBMVYX2uU3_ad7ylEISJbY/sendDocument?chat_id=7781867830&caption=%F0%9F%92%A0DOTSTEALER%F0%9F%92%A0%0A%F0%9F%92%ABNew%20log:%0AIP:%20181.215.176.83%0AUsername:%20Admin%0ALocation:%20United%20Kingdom%20[GB],%20London,%20Englan

Targets

- Target
  
  file.exe
- Size
  
  5.6MB
- MD5
  
  50a6880b7a2cfb41d50b9fa34438b8fa
- SHA1
  
  c3c557e2a34e6ad0c7fc8b06591d0086a28a8051
- SHA256
  
  2571a03d8d476c2e0eea7edfb0928706c8499ef590d24db9a3f5757bec795fe0
- SHA512
  
  1f0a8de3b190a658aed5b7f7a6817ba5e99246b1ea988aa7ede16723d7e32003b5cd7bf9513c4c2ff0e1a621bbf62c5e10c403eb48e4c285d9821ac0a7fe7d8a
- SSDEEP
  
  98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE
Score

10^/10

discovery spyware stealer gurcu
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2