gurcu | 3398ed7cffcc75371d831fda315805c714268c321c863f60c806ae73cfaae4cd[.]exe

General

Target

3398ed7cffcc75371d831fda315805c714268c321c863f60c806ae73cfaae4cd.exe
Size

163KB
MD5

c9495b3a992ea3e2ef2788c7ba7ed840
SHA1

3d2e2ff99cd28f81a906d8d928ad7d42ff5226be
SHA256

3398ed7cffcc75371d831fda315805c714268c321c863f60c806ae73cfaae4cd
SHA512

a11e2b0424d7342bbddc9dd0541902128238281dd9aa620b81213d937a997f9da1c1d3954a05bd57383eb27cd3270d2a29b40a16893237c435fcfdb6344a1746
SSDEEP

3072:amqroacBJ41WGh6ta9Y9bvxWlI9fKp7KdD+QOi:amwoaCE9Y9bvCQfKkO

Score

10^/10

gurcu

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7617703274:AAFEXxgPRP1fZGT5UCjcRV4hUZdtNFxyusQ/sendMessage?chat_id=-4568449403

http://209.38.221.184:8080

http://46.235.26.83:8080

http://147.28.185.29:80

http://206.166.251.4:8080

http://51.159.4.50:8080

http://167.235.70.96:8080

http://194.164.198.113:8080

http://132.145.17.167:9090

https://5.196.181.135:443

http://116.202.101.219:8080

https://185.217.98.121:443

http://185.217.98.121:8080

http://159.203.174.113:8090

http://107.161.20.142:8080

https://192.99.196.191:443

http://65.49.205.24:8080

https://154.9.207.142:443

http://67.230.176.97:8080

http://8.222.143.111:8080

Signatures

Gurcu family
gurcu

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3398ed7cffcc75371d831fda315805c714268c321c863f60c806ae73cfaae4cd.exe

Files

3398ed7cffcc75371d831fda315805c714268c321c863f60c806ae73cfaae4cd.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 160KB - Virtual size: 160KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

We care about your privacy.

.text
Size: 160KB - Virtual size: 160KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B