Malware Analysis Report

2024-10-23 19:17

Sample ID 230706-vaha4sec7v
Target Evolion Launcher.exe
SHA256 e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc
Tags
gurcu stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc

Threat Level: Known bad

The file Evolion Launcher.exe was found to be: Known bad.

Malicious Activity Summary

gurcu stealer

Gurcu, WhiteSnake

Gurcu family

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-07-06 16:47

Signatures

Gurcu family

gurcu

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-06 16:47

Reported

2023-07-06 16:49

Platform

win7-20230703-en

Max time kernel

72s

Max time network

75s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Signatures

Gurcu, WhiteSnake

stealer gurcu

Processes

C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Network

Country   Destination          Domain   Proto
US        192.229.211.108:80            tcp

Files

memory/268-54-0x00000000001A0000-0x0000000000306000-memory.dmp

memory/268-55-0x0000000004F80000-0x0000000004FC0000-memory.dmp

memory/268-56-0x00000000003E0000-0x00000000003EA000-memory.dmp

memory/268-57-0x0000000004F80000-0x0000000004FC0000-memory.dmp

memory/268-58-0x0000000004F80000-0x0000000004FC0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-06 16:47

Reported

2023-07-06 16:49

Platform

win10v2004-20230703-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Signatures

Gurcu, WhiteSnake

stealer gurcu

Processes

C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Network

Country   Destination   Domain                        Proto   Reverse-lookup target
US        8.8.8.8:53    71.31.126.40.in-addr.arpa     udp     40.126.31.71
US        8.8.8.8:53    88.156.103.20.in-addr.arpa    udp     20.103.156.88
US        8.8.8.8:53    95.143.109.104.in-addr.arpa   udp     104.109.143.95
US        8.8.8.8:53    203.151.224.20.in-addr.arpa   udp     20.224.151.203
US        8.8.8.8:53    90.65.42.20.in-addr.arpa      udp     20.42.65.90

All five rows are reverse (PTR) lookups sent to Google Public DNS; the "Reverse-lookup target" column is the address each in-addr.arpa name encodes. No forward lookup of a hostname and no non-DNS connection is recorded in this run.

Files

memory/828-133-0x0000000000540000-0x00000000006A6000-memory.dmp

memory/828-134-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

memory/828-135-0x0000000007E60000-0x0000000007E68000-memory.dmp

memory/828-136-0x0000000008290000-0x00000000082C8000-memory.dmp

memory/828-137-0x0000000008250000-0x000000000825E000-memory.dmp

memory/828-138-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

memory/828-139-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

memory/828-140-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

memory/828-141-0x0000000004FB0000-0x0000000004FC0000-memory.dmp

memory/828-142-0x0000000004FB0000-0x0000000004FC0000-memory.dmp
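The Files sections of both detonations list memory dumps named memory/<pid>-<seq>-<start>-<end>-memory.dmp, and the Network sections list one plain-text row per destination. The following Python is an added example, not part of this report or of the sandbox's own tooling: it parses those lines, computes the size of each dumped region, picks the largest region per process, and decodes the in-addr.arpa names back into the addresses they query. The field layout of the dump names (PID, sequence number, start address, end address) is an assumption read off the names as printed; the sample lines are copied from this report and embedded inline so the script runs offline.

```python
"""Parse memory-dump names and network rows from a sandbox report into IOCs."""
import re
from collections import namedtuple

# Constructed inline from the report above (a subset of its Files and Network rows).
REPORT_LINES = """
memory/268-54-0x00000000001A0000-0x0000000000306000-memory.dmp
memory/268-55-0x0000000004F80000-0x0000000004FC0000-memory.dmp
memory/268-56-0x00000000003E0000-0x00000000003EA000-memory.dmp
memory/828-133-0x0000000000540000-0x00000000006A6000-memory.dmp
memory/828-134-0x0000000004FB0000-0x0000000004FC0000-memory.dmp
memory/828-135-0x0000000007E60000-0x0000000007E68000-memory.dmp
memory/828-136-0x0000000008290000-0x00000000082C8000-memory.dmp
memory/828-137-0x0000000008250000-0x000000000825E000-memory.dmp
US 192.229.211.108:80 tcp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
"""

# Assumed layout of the dump file name: memory/<pid>-<seq>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp"
)
# Network row: country, ip:port, optional domain, protocol.
NET_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)"
    r"(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

Region = namedtuple("Region", "pid seq start end")


def parse_dump_name(name):
    """Return a Region for one dump file name, or None if it does not match."""
    m = DUMP_RE.search(name)
    if not m:
        return None
    pid, seq, start, end = m.groups()
    return Region(int(pid), int(seq), int(start, 16), int(end, 16))


def region_size(region):
    """Size in bytes of the dumped address range."""
    return region.end - region.start


def parse_regions(text):
    """All Region entries found in the report text."""
    return [r for r in (parse_dump_name(l) for l in text.splitlines()) if r]


def largest_region_per_pid(regions):
    """Map pid -> the largest dumped region of that process.

    The largest region is usually the mapped image of the sample itself, so
    comparing its size across runs shows whether the same image was loaded.
    """
    best = {}
    for r in regions:
        if r.pid not in best or region_size(r) > region_size(best[r.pid]):
            best[r.pid] = r
    return best


def ptr_to_ip(domain):
    """Decode a reverse-DNS name (a.b.c.d.in-addr.arpa) into the IPv4 d.c.b.a."""
    suffix = ".in-addr.arpa"
    if not domain or not domain.endswith(suffix):
        return None
    octets = domain[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ".".join(reversed(octets))


def parse_network(text):
    """Network rows as dicts, with the PTR target decoded where present."""
    rows = []
    for line in text.splitlines():
        m = NET_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            row["ptr_target"] = ptr_to_ip(row["domain"])
            rows.append(row)
    return rows


def direct_connections(rows):
    """Rows that are not DNS queries to a resolver (candidate C2 or download hosts)."""
    return [r for r in rows if not (r["port"] == 53 and r["proto"] == "udp")]


if __name__ == "__main__":
    for pid, r in largest_region_per_pid(parse_regions(REPORT_LINES)).items():
        print(f"pid {pid}: largest region {r.start:#x}-{r.end:#x} ({region_size(r):#x} bytes)")
    for row in direct_connections(parse_network(REPORT_LINES)):
        print(f"direct: {row['ip']}:{row['port']}/{row['proto']}")
```

Run against the report's own rows, the largest dumped region is 0x166000 bytes in both detonations (at 0x1A0000 in pid 268 on win7, at 0x540000 in pid 828 on win10v2004), which is consistent with the same image being mapped at different bases. The only non-DNS destination is 192.229.211.108:80 over TCP with no domain recorded, and every in-addr.arpa row decodes to a reverse lookup rather than a resolution of a C2 hostname, which is the distinction a triage analyst should make before promoting any of these rows to a blocklist.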