Malware Analysis Report

2024-10-23 19:17

Sample ID 230706-vaycbsec7x
Target Evolion Launcher.exe
SHA256 e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc
Tags
gurcu stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc

Threat Level: Known bad

The file Evolion Launcher.exe was found to be: Known bad.

Malicious Activity Summary

gurcu stealer

Gurcu family

Gurcu, WhiteSnake

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-07-06 16:47

Signatures

Gurcu family

gurcu

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-06 16:47

Reported

2023-07-06 16:50

Platform

win7-20230703-en

Max time kernel

28s

Max time network

32s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Signatures

Gurcu, WhiteSnake

stealer gurcu

Processes

C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Network

N/A

Files

memory/1644-54-0x0000000000B50000-0x0000000000CB6000-memory.dmp

memory/1644-55-0x00000000004E0000-0x0000000000520000-memory.dmp

memory/1644-56-0x0000000000410000-0x000000000041A000-memory.dmp

memory/1644-57-0x00000000004E0000-0x0000000000520000-memory.dmp

memory/1644-58-0x00000000004E0000-0x0000000000520000-memory.dmp

memory/1644-59-0x00000000004E0000-0x0000000000520000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-06 16:47

Reported

2023-07-06 16:50

Platform

win10v2004-20230703-en

Max time kernel

143s

Max time network

147s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Signatures

Gurcu, WhiteSnake

stealer gurcu

Processes

C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe

"C:\Users\Admin\AppData\Local\Temp\Evolion Launcher.exe"

Network

Country  Destination  Domain                        Proto
US       8.8.8.8:53   71.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53   206.23.85.13.in-addr.arpa     udp
US       8.8.8.8:53   86.23.85.13.in-addr.arpa      udp
US       8.8.8.8:53   126.21.238.8.in-addr.arpa     udp
US       8.8.8.8:53   203.151.224.20.in-addr.arpa   udp
US       8.8.8.8:53   14.173.189.20.in-addr.arpa    udp

Files

memory/4684-133-0x0000000000B30000-0x0000000000C96000-memory.dmp

memory/4684-134-0x0000000005760000-0x0000000005770000-memory.dmp

memory/4684-135-0x0000000008450000-0x0000000008458000-memory.dmp

memory/4684-136-0x00000000089C0000-0x00000000089F8000-memory.dmp

memory/4684-137-0x0000000008990000-0x000000000899E000-memory.dmp

memory/4684-138-0x0000000005760000-0x0000000005770000-memory.dmp

memory/4684-139-0x0000000005760000-0x0000000005770000-memory.dmp

memory/4684-140-0x0000000005760000-0x0000000005770000-memory.dmp

memory/4684-141-0x0000000005760000-0x0000000005770000-memory.dmp

memory/4684-142-0x0000000005760000-0x0000000005770000-memory.dmp
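The Network table above records only PTR (reverse DNS) queries to 8.8.8.8, and the Files sections of both runs list memory regions dumped from the sample's process. Two things a practitioner usually wants from these lines are the actual IPv4 addresses behind the in-addr.arpa names (the octets are stored reversed) and the size of each dumped region, since a region dumped at the same size in the win7 and win10 runs but at different base addresses is the natural candidate for the sample's main image rather than a transient heap or stack allocation. The script below is an added example for reading this report, not code from the sandbox or from the Gurcu/WhiteSnake sample; the PTR names and dump file names are copied from the report, repeated dumps of the same range are collapsed, and nothing here contacts the network. Note also that the report shows no outbound connection from the sample itself, only the resolver queries, so the decoded addresses should be checked against the sandbox platform's own background traffic before being treated as C2 indicators.

```python
"""Decode this report's PTR query names and memory dump file names.
Added example for reading the sandbox report; not part of the report
or of the analysed sample. Inputs are copied from the report text."""
import re
from ipaddress import IPv4Address

# PTR query names from the behavioral2 Network table (copied from the report).
PTR_QUERIES = [
    "71.31.126.40.in-addr.arpa",
    "206.23.85.13.in-addr.arpa",
    "86.23.85.13.in-addr.arpa",
    "126.21.238.8.in-addr.arpa",
    "203.151.224.20.in-addr.arpa",
    "14.173.189.20.in-addr.arpa",
]

# Distinct memory dump names from the two runs (copied from the report;
# dumps that repeat the same address range are listed once).
DUMPS_WIN7 = [
    "memory/1644-54-0x0000000000B50000-0x0000000000CB6000-memory.dmp",
    "memory/1644-55-0x00000000004E0000-0x0000000000520000-memory.dmp",
    "memory/1644-56-0x0000000000410000-0x000000000041A000-memory.dmp",
]
DUMPS_WIN10 = [
    "memory/4684-133-0x0000000000B30000-0x0000000000C96000-memory.dmp",
    "memory/4684-134-0x0000000005760000-0x0000000005770000-memory.dmp",
    "memory/4684-135-0x0000000008450000-0x0000000008458000-memory.dmp",
    "memory/4684-136-0x00000000089C0000-0x00000000089F8000-memory.dmp",
    "memory/4684-137-0x0000000008990000-0x000000000899E000-memory.dmp",
]


def ptr_name_to_ip(name: str) -> IPv4Address:
    """Turn a 'd.c.b.a.in-addr.arpa' PTR name back into the address a.b.c.d.

    The reverse zone stores octets least-significant first, so the label
    order has to be flipped; IPv4Address validates the octet values.
    """
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError(f"not an IPv4 reverse-DNS name: {name}")
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets in {name}")
    return IPv4Address(".".join(reversed(octets)))


# Dump naming seen in the report: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name: str) -> dict:
    """Split a dump file name into pid, dump index, start, end and region size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {
        "pid": int(m["pid"]),
        "index": int(m["idx"]),
        "start": start,
        "end": end,
        "size": end - start,
    }


def common_region_sizes(run_a: list, run_b: list) -> list:
    """Region sizes dumped in both runs, smallest first.

    Base addresses differ between the Win7 and Win10 detonations, so the
    size is the stable property; a size shared by both runs points at the
    loaded image rather than at ASLR-placed heaps or per-run scratch buffers.
    """
    sizes_a = {parse_dump_name(n)["size"] for n in run_a}
    sizes_b = {parse_dump_name(n)["size"] for n in run_b}
    return sorted(sizes_a & sizes_b)


if __name__ == "__main__":
    for q in PTR_QUERIES:
        print(f"{q:30} -> {ptr_name_to_ip(q)}")
    for n in DUMPS_WIN7 + DUMPS_WIN10:
        d = parse_dump_name(n)
        print(f"pid {d['pid']} dump {d['index']}: {d['size']:#x} bytes")
    print("region sizes common to both runs:",
          [f"{s:#x}" for s in common_region_sizes(DUMPS_WIN7, DUMPS_WIN10)])
```

Running it shows that only one region size, 0x166000 bytes, is present in both detonations (0xB50000-0xCB6000 on win7, 0xB30000-0xC96000 on win10), which is the dump worth opening first when looking for the sample's code; the remaining regions are small and differ between runs.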