gurcu | fe2b724bf92fbda7ef2cbe4026662e12823aa29c309e04af7cc3b8ad8ddf25e7 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...d6.exe

windows7-x64

JaffaCakes...d6.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_be65927ba986fea781a415c4f17a71d6
Size

204KB
Sample

250109-fjtceayrc1
MD5

be65927ba986fea781a415c4f17a71d6
SHA1

b954a047a5fc747554c524c502634afc0a5b8333
SHA256

fe2b724bf92fbda7ef2cbe4026662e12823aa29c309e04af7cc3b8ad8ddf25e7
SHA512

5e5603b39f5e1e9c2d9f7f21088fe03cf200a4dddfddbca06df02052f04af8d2386ce5816bd3ae7a1eed2347af5843b431bfcc3bb1c8111aa05971a645cf8c3c
SSDEEP

6144:leUhxzk8EYGb3WAk1TjOLxXLLZLLC/isUn:lthxzzhGbGAk1i5n

Score

10^/10

gurcu redline discovery infostealer stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_be65927ba986fea781a415c4f17a71d6.exe

Resource

win7-20240903-en

gurcu redline discovery infostealer stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_be65927ba986fea781a415c4f17a71d6.exe

Resource

win10v2004-20241007-en

gurcu redline discovery infostealer stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

C2

37.252.9.247:37711

Attributes

auth_value
026e3efe08173cd9cc43c61448ed20f6

Targets

- Target
  
  JaffaCakes118_be65927ba986fea781a415c4f17a71d6
- Size
  
  204KB
- MD5
  
  be65927ba986fea781a415c4f17a71d6
- SHA1
  
  b954a047a5fc747554c524c502634afc0a5b8333
- SHA256
  
  fe2b724bf92fbda7ef2cbe4026662e12823aa29c309e04af7cc3b8ad8ddf25e7
- SHA512
  
  5e5603b39f5e1e9c2d9f7f21088fe03cf200a4dddfddbca06df02052f04af8d2386ce5816bd3ae7a1eed2347af5843b431bfcc3bb1c8111aa05971a645cf8c3c
- SSDEEP
  
  6144:leUhxzk8EYGb3WAk1TjOLxXLLZLLC/isUn:lthxzzhGbGAk1i5n
Score

10^/10

gurcu redline discovery infostealer stealer
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcuredlinediscoveryinfostealerstealer

behavioral2

gurcuredlinediscoveryinfostealerstealer

© 2018-2025

Terms | Privacy