gurcu | 645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65 | Triage

Sharing

General

Target

Autorisoft.zip
Size

17.9MB
Sample

250103-3dtgjsypay
MD5

5b879f39e57139ab17300879afa61554
SHA1

a18eab8e257c611f72ea92833584fff0ffaea1f2
SHA256

645e274fec3723d065308f9b16b33392ed7f51fbd5ffc3c00806c2efafb08b65
SHA512

54814430828c204a8b606c000e2efc1fb2586f41c322ebae44d9eba4d297db473d37b520fac02c1bf88407a8a9138a3e7de502e27e32745cd4c96d54c9994ac0
SSDEEP

393216:ZE8wps0kxrkXICtuuL8qgk/H0uxE14p4RToEXkk6hFFh:m2BxoXI6gk/H0u/p4nXkke5

Score

10^/10

gurcu redline discovery execution infostealer stealer

Malware Config

Extracted

Family

redline

C2

65.108.29.210:21638

Attributes

auth_value
ad39d6a8ea7823f2a92f57ebaa4c98a5

Targets

- Target
  
  Start.exe
- Size
  
  301KB
- MD5
  
  9a0e31ffbe7ecc3a2a6f968b2a8d5567
- SHA1
  
  e88e76fe96616649d2558923afe457ce3b1976ec
- SHA256
  
  b371eae7b55688d307b653759c2d4ddfe3672eb7b5567bcfa9c3f75f5c6d6255
- SHA512
  
  db64b27997e5305473572ee8a60573032e51fbfbdc48670d9adef8ba23c81e8845d073383299c94f87a0100c74ca0e6968b9f468fc46e31e221a71ad69a32749
- SSDEEP
  
  6144:S1eFfHQTBVVzJxmKg/R3xNJyZsMoONeL1Ip4w3qm:gPBV9JxmKE7JfVONUGqm
Score

10^/10

gurcu redline discovery infostealer stealer
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  internal/game/Entity.lua
- Size
  
  4KB
- MD5
  
  06bdd4eb79303b245bed52d357a26592
- SHA1
  
  46c70e677259a87dea385552122e981f760b5537
- SHA256
  
  24aacf0e6d8f04ab81422bd5dc26f23a0a23bb568b3e63817461aef5a4eaf0ca
- SHA512
  
  0b0c1b2557959876005fabaad4c184d77e1aee5fbb3f19a6ebf378410b42c7fdc9794e322e3199fede91bc3cb15647a0eee8d022fb8c67a683eaee9175e24526
- SSDEEP
  
  48:V+bz1bnXscHPm+hhrJhWjIIrxN7ovkvwj6G76WNIxUdimjkLKjTHY5CRca28eRfx:Vczj5+jbSv9LTtSS2so55OKV1
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  internal/game/gui.lua
- Size
  
  1KB
- MD5
  
  f7ff6f25fb657b7342061097d57259cd
- SHA1
  
  e94d3d8be1c84ef1849fcae109cf5946f272f9e8
- SHA256
  
  5f93f802370b61fa279998a67aff86e44f97478550137985d5c7e7a1a0986899
- SHA512
  
  e651e3dbed51be1614e456d84efc16dc8580b094c95395361b627f71a588b26d8f7377469e9d559ed7f675ec835a51da2236f96e60e5577c63268e52cdb7bb6f
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  internal/game/gui/simple_menu.lua
- Size
  
  3KB
- MD5
  
  a7e72aec10e229d667dbf5327f6332cf
- SHA1
  
  fe852609ffe4fd8a0a8bfc72d8627b5e2ea8de15
- SHA256
  
  fd75f51c7339d38bf6b529883d60deb71b50ae1c56d714bf276f6eeb0d40a3d8
- SHA512
  
  c916d76fa6aab0b565d3c6f732a1a46c9cabd04a4f82fc0c592f44a593d926d1486e3c327743cfef9041c2e676be5cb6c5549bbfd52266c5f58d011d06a7cce8
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  internal/main.dll
- Size
  
  17.7MB
- MD5
  
  207043268b10e01caa9fe94dc0e3526a
- SHA1
  
  ca12ab61b785a300da52830451d6c6604e155668
- SHA256
  
  45badcb0e32204c755756519eb2dd4a092c71e3b725fcb95030940325daa31f1
- SHA512
  
  3075c9da2f4126d6d741db9f777e84fb4bd270061ef694805bbba25285d6764a9b5bbe2e8e903dc170ee4b441666f38c3c9868732eb52f7e5aa4fbd6a501701a
- SSDEEP
  
  393216:M9NRsOLlhL6jer0YWJgITBRFVUFOdlkucXp4G3TeeKTeXzn:GzsslhL6EITBLVTcXqiTeeKTG
Score

5^/10

discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcuredlinediscoveryinfostealerstealer

behavioral2

gurcuredlinediscoveryinfostealerstealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10