gurcu | 6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75 | Triage

Submit
Reports

Overview

overview

Static

static

TelegramRAT.exe

windows10-2004-x64

Sharing

General

Target

TelegramRAT.exe
Size

111KB
Sample

250110-zda4esymhp
MD5

e3d580a17a351366392ec9e2af674524
SHA1

354e8f441c2fa510e1b3ecab222280649a7efb9a
SHA256

6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75
SHA512

a7e2726a2b28a39f6624f419ab9194b4c8e3d4c117e324c2719b3f944c5262cbc064df8989d34b984d8541767327d18381adf6678e4445dc8a49afe0a0824309
SSDEEP

1536:dn+bAQACiEXM91qQIwvL9x1Cc0Di4OybhDqI64QW6zCrAZuQPEDrL:sbaCHXELrJp6bxqH4QW6zCrAZuQwv

Score

10^/10

gurcu toxiceye discovery rat stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

TelegramRAT.exe

Resource

win10v2004-20241007-en

gurcu toxiceye discovery rat stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendMessage?chat_id=-4791200354

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdate

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=97250663

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=97250664

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=97250665

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/getUpdates?offset=97250666

https://api.telegram.org/bot8014667160:AAFqSbz3GwG_v0L0NNlpN0dSG5-tCdm4TtY/sendPhoto?chat_id=-479120035

Targets

- Target
  
  TelegramRAT.exe
- Size
  
  111KB
- MD5
  
  e3d580a17a351366392ec9e2af674524
- SHA1
  
  354e8f441c2fa510e1b3ecab222280649a7efb9a
- SHA256
  
  6e644b385d296b76bb3ba68ff006d6b86de763c8b5792e07053e20e3d8218d75
- SHA512
  
  a7e2726a2b28a39f6624f419ab9194b4c8e3d4c117e324c2719b3f944c5262cbc064df8989d34b984d8541767327d18381adf6678e4445dc8a49afe0a0824309
- SSDEEP
  
  1536:dn+bAQACiEXM91qQIwvL9x1Cc0Di4OybhDqI64QW6zCrAZuQPEDrL:sbaCHXELrJp6bxqH4QW6zCrAZuQwv
Score

10^/10

gurcu toxiceye discovery rat stealer trojan
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- ToxicEye
  ToxicEye is a trojan written in C#.
  rat trojan toxiceye
- Toxiceye family
  toxiceye
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcutoxiceyediscoveryratstealertrojan

© 2018-2025

Terms | Privacy