Overview

overview

10

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-2004-x64

10

https://mega.nz/file...

windows11-21h2-x64

4

Resubmissions

01-02-2025 16:41

250201-t7cw8a1jfv 10

01-02-2025 16:14

250201-tpps3asjan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://mega.nz/file/y2gzzDYb#JQaLxiA0teFCssQK0NRwWLJJMsYZDjFers2A-gDz3fM

  • Sample

    250201-tpps3asjan

Score
10/10
gurcutoxiceyediscoveryratstealertrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot7950582701:AAFn4xZmuuHEE2nNVozg9gM3rt14h3XD1Vo/sendMessage?chat_id=7697201963

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7950582701:AAFn4xZmuuHEE2nNVozg9gM3rt14h3XD1Vo/sendMessage?chat_id=7697201963

https://api.telegram.org/bot7950582701:AAFn4xZmuuHEE2nNVozg9gM3rt14h3XD1Vo/getUpdate

https://api.telegram.org/bot7950582701:AAFn4xZmuuHEE2nNVozg9gM3rt14h3XD1Vo/getUpdates?offset=

Targets

    • Target

      https://mega.nz/file/y2gzzDYb#JQaLxiA0teFCssQK0NRwWLJJMsYZDjFers2A-gDz3fM

    Score
    10/10
    gurcutoxiceyediscoveryratstealertrojan

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Gurcu family

      gurcu

    • Gurcu, WhiteSnake

      Gurcu aka WhiteSnake is a malware stealer written in C#.

      stealergurcu

    • ToxicEye

      ToxicEye is a trojan written in C#.

      rattrojantoxiceye

    • Toxiceye family

      toxiceye

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Enumerates processes with tasklist

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks