General
-
Target
55f67b598ae5d8956ea16deefdc771c7.exe
-
Size
5.6MB
-
Sample
241208-j6a15asqgr
-
MD5
55f67b598ae5d8956ea16deefdc771c7
-
SHA1
2007aed44e368258d70bb124ad12e08a0e8ee1ae
-
SHA256
9dc28d9009e1d6a240030460e6c4e27e2014842cd3e7ab0349d31dd13b5fdfb8
-
SHA512
ad07651cab030fcd72169e6f64bf3a4dc3871c5f66f66607d9b056f4bdb9fe3916f0672833b8a289f5a7f6d642828f24e31e6520b5a7294a251661a5ff542b93
-
SSDEEP
98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE
Static task
static1
Behavioral task
behavioral1
Sample
55f67b598ae5d8956ea16deefdc771c7.exe
Resource
win7-20240903-en
Malware Config
Extracted
gurcu
https://api.telegram.org/bot8081835502:AAFtGgtMdAzFeWYBpQcGx83fjDR_25zfjK0/sendDocument?chat_id=7538374929&caption=%F0%9F%92%A0DOTSTEALER%F0%9F%92%A0%0A%F0%9F%92%ABNew%20log:%0AIP:%20181.215.176.83%0AUsername:%20Admin%0ALocation:%20United%20Kingdom%20[GB],%20London,%20Englan
Targets
-
-
Target
55f67b598ae5d8956ea16deefdc771c7.exe
-
Size
5.6MB
-
MD5
55f67b598ae5d8956ea16deefdc771c7
-
SHA1
2007aed44e368258d70bb124ad12e08a0e8ee1ae
-
SHA256
9dc28d9009e1d6a240030460e6c4e27e2014842cd3e7ab0349d31dd13b5fdfb8
-
SHA512
ad07651cab030fcd72169e6f64bf3a4dc3871c5f66f66607d9b056f4bdb9fe3916f0672833b8a289f5a7f6d642828f24e31e6520b5a7294a251661a5ff542b93
-
SSDEEP
98304:aGl27OuKr+gvhf2U9Nzm31PMoslkqXf0FvUcwti78OqJ7TPBvc8X6Uc:adOuK6mn9NzgMoYkSIvUcwti7TQlvciE
-
Gurcu family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-