gurcu | 026ade51b2c8c528de21dae3cecb8c81530d08b2e28038e526c4747e0ea43ce0 | Triage

Submit
Reports

Overview

overview

Static

static

3

Aimbot.zip

windows11-21h2-x64

Sharing

General

Target

Aimbot.zip
Size

1.8MB
Sample

250219-whe2dswjbw
MD5

9fab9e892dde96da60d8065a6687f32f
SHA1

d485fb05ed93a44ff57803103b271c5fa3882e79
SHA256

026ade51b2c8c528de21dae3cecb8c81530d08b2e28038e526c4747e0ea43ce0
SHA512

5741c905e86ab9d322b8752c8bc0ec1cf6ada750e8c9064bb5a2a0b6e471f83751a07c3516404afa41cba9f4bf2ec18ee35bb8e5d8fd67be33bbf5811cd0b339
SSDEEP

24576:7awwKusHwEwSDMn6iGqK3idUSeMITCqgcfyr4Py6K22i+i8rtVs1ZY7jQY71B:bwREDDM6AdHeMxWrP+beY7UY71B

Score

10^/10

gurcu redline discovery infostealer stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Aimbot.zip

Resource

win11-20250217-en

gurcu redline discovery infostealer stealer

windows11-21h2-x64

24 signatures

900 seconds

Malware Config

Extracted

Family

redline

C2

65.108.29.210:21638

Attributes

auth_value
ad39d6a8ea7823f2a92f57ebaa4c98a5

Targets

- Target
  
  Aimbot.zip
- Size
  
  1.8MB
- MD5
  
  9fab9e892dde96da60d8065a6687f32f
- SHA1
  
  d485fb05ed93a44ff57803103b271c5fa3882e79
- SHA256
  
  026ade51b2c8c528de21dae3cecb8c81530d08b2e28038e526c4747e0ea43ce0
- SHA512
  
  5741c905e86ab9d322b8752c8bc0ec1cf6ada750e8c9064bb5a2a0b6e471f83751a07c3516404afa41cba9f4bf2ec18ee35bb8e5d8fd67be33bbf5811cd0b339
- SSDEEP
  
  24576:7awwKusHwEwSDMn6iGqK3idUSeMITCqgcfyr4Py6K22i+i8rtVs1ZY7jQY71B:bwREDDM6AdHeMxWrP+beY7UY71B
Score

10^/10

gurcu redline discovery infostealer stealer
- Gurcu family
  gurcu
- Gurcu, WhiteSnake
  Gurcu aka WhiteSnake is a malware stealer written in C#.
  stealer gurcu
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gurcuredlinediscoveryinfostealerstealer

© 2018-2025

Terms | Privacy