General

  • Target

    Chrome Update.exe

  • Size

    119KB

  • Sample

    250105-p7gg7axjdr

  • MD5

    a39f21db0576a82177ee4c806766d763

  • SHA1

    ee4676f4dedd24003ce1bd972cbce95ef51fa07f

  • SHA256

    825509eb0672d6114194c773b017d5d41d9e67be4fe41f753f9c6bb37b1c32db

  • SHA512

    ea07e5d6f2b8ae0fbf8c1931d844bfbff920b3c9f83d10d38bd76828ed2d8a4b849251a87f5e2ad6bb1e9d9b1e5a75520baf2b70e063f44595e058c433be1133

  • SSDEEP

    3072:IAWfRzlXCwwFwOwWAmm+G/bxqH8QWqzCrAZuuyn1:IAD1SWHe/bgRY

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7742822790:AAHkizf3bilCkIqp8NNVcbWObKSVKo8Xifo/sendMessage?chat_id=7053620590

Extracted

Family

gurcu

C2

Targets

  • Gurcu family

  • Gurcu, WhiteSnake

    Gurcu, also known as WhiteSnake, is an information-stealing malware written in C#.

  • ToxicEye

    ToxicEye is a trojan written in C#.

  • Toxiceye family

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up the country code configured in the registry, likely a geofence check.

  • Executes dropped EXE

  • Enumerates processes with tasklist