Analysis Overview
SHA256
e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc
Threat Level: Known bad
The file Evolion Launcher.exe was found to be: Known bad.
Malicious Activity Summary
Gurcu, WhiteSnake
Gurcu family
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-07-06 16:47
Signatures
Gurcu family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-07-06 16:47
Reported
2023-07-06 16:49
Platform
win7-20230703-en
Max time kernel
72s
Max time network
75s
Command Line
Signatures
Gurcu, WhiteSnake
Processes
C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 192.229.211.108:80 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-07-06 16:47
Reported
2023-07-06 16:49
Platform
win10v2004-20230703-en
Max time kernel
143s
Max time network
148s
Command Line
Signatures
Gurcu, WhiteSnake
Processes
C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.143.109.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.151.224.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
Files