gurcu | 3fa93a1a5242d250209451d5775fe454b20b7da8e59b13061353e23e3fefff07 | Triage

Resubmissions

10-01-2025 12:10

250110-pcbcpatmg1 10

10-01-2025 12:06

250110-n9yc2stmd1 3

Sharing

General

Target

logo_20679827913.zip
Size

442KB
Sample

250110-pcbcpatmg1
MD5

fa5c021e56b481647d853080fdaf636b
SHA1

74cd529fc5ef4207dc7bbd4e34fccf5384f55df4
SHA256

3fa93a1a5242d250209451d5775fe454b20b7da8e59b13061353e23e3fefff07
SHA512

68537289234896199bc7676e139ef525bee1863657438e48d803b7d6aeffcaf8b93365e5452de7ac6bbb84b21ff803f713423c8aa64961664474a5c5d8695995
SSDEEP

12288:O3kr3yLqYHW1jU5QaYCrZYed6pHkaikY+vTr+2U:2++qD1I5XVFpyEdkYsTrhU

Score

10^/10

gurcu execution stealer

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7627703707:AAH6TL7Iw6muIVgNjoYcp0OkKmYFg2S1fVE/sendMessag

https://api.telegram.org/bot7627703707:AAH6TL7Iw6muIVgNjoYcp0OkKmYFg2S1fVE/getUpdate

Targets

- Target
  
  4c9a58b8a77a5f4c2e4a5ae070c25238aff20810b81e92393ef955f53e6eb5f3
- Size
  
  444KB
- MD5
  
  9bec57e55df3a59a8e23e898a205d3b4
- SHA1
  
  df0fcd66f33e6d82bd650cee765a5d4010fdd728
- SHA256
  
  4c9a58b8a77a5f4c2e4a5ae070c25238aff20810b81e92393ef955f53e6eb5f3
- SHA512
  
  cc2aa36adbca5c738f9317b30a12849454dfcc719013db5c488191e7a873598a1287ac1261b22b3a12cbcbad5df9303562c8b0f69949d677fee5fdf26755d8d9
- SSDEEP
  
  12288:Dzr11rsCDFL2aCI1i4TtDFO7zXylU3J9OOfuJsA3W/:DzH4AFOi/O7zN3OPe/
Score

10^/10

gurcu execution stealer
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcuexecutionstealer