General

  • Target

    https://gofile.io/d/ggazFm

  • Sample

    241215-q22fvaxpek

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7719105235:AAFOTAIFB9Rqu4XvnkM0TIOpafds3cZFXG0/sendMessag

https://api.telegram.org/bot7719105235:AAFOTAIFB9Rqu4XvnkM0TIOpafds3cZFXG0/sendDocumen

Targets

    • Target

      https://gofile.io/d/ggazFm

    • Gurcu family

    • Gurcu, WhiteSnake

      Gurcu, also known as WhiteSnake, is an information-stealing malware family written in C#.

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks