Malware Analysis Report

2024-10-23 19:17

Sample ID 230711-pl81bagh58
Target ebdda35a64fdd77737a3ec887c3c63b9.bin
SHA256 dd91d4063900789c1d9de4b8f5a3d71dd5a7b207df020fa530e019050dc70022
Tags
gurcu stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

dd91d4063900789c1d9de4b8f5a3d71dd5a7b207df020fa530e019050dc70022

Threat Level: Known bad

The file ebdda35a64fdd77737a3ec887c3c63b9.bin was found to be: Known bad.

Malicious Activity Summary

gurcu stealer

Gurcu family

Gurcu, WhiteSnake

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-07-11 12:26

Signatures

Gurcu family

gurcu

Unsigned PE

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-07-11 12:26

Reported

2023-07-11 12:28

Platform

win7-20230703-en

Max time kernel

30s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe"

Signatures

Gurcu, WhiteSnake

stealer gurcu

Processes

C:\Users\Admin\AppData\Local\Temp\e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe

"C:\Users\Admin\AppData\Local\Temp\e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe"

Network

N/A

Files

memory/2872-54-0x0000000000B50000-0x0000000000CB6000-memory.dmp

memory/2872-55-0x00000000043F0000-0x0000000004430000-memory.dmp

memory/2872-56-0x0000000000420000-0x000000000042A000-memory.dmp

memory/2872-57-0x0000000000420000-0x000000000042A000-memory.dmp

memory/2872-58-0x00000000043F0000-0x0000000004430000-memory.dmp

memory/2872-59-0x00000000043F0000-0x0000000004430000-memory.dmp

memory/2872-60-0x0000000000420000-0x000000000042A000-memory.dmp

memory/2872-61-0x0000000000420000-0x000000000042A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-07-11 12:26

Reported

2023-07-11 12:28

Platform

win10v2004-20230703-en

Max time kernel

140s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe"

Signatures

Gurcu, WhiteSnake

stealer gurcu

Processes

C:\Users\Admin\AppData\Local\Temp\e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe

"C:\Users\Admin\AppData\Local\Temp\e85101062f748f61e87f91bac8abcaa11b5754fb364b8e99cc67b9e7f0283edc.exe"

Network

Country  Destination  Domain                       Proto
US       8.8.8.8:53   59.128.231.4.in-addr.arpa    udp
US       8.8.8.8:53   73.159.190.20.in-addr.arpa   udp
US       8.8.8.8:53   95.221.229.192.in-addr.arpa  udp
US       8.8.8.8:53   57.169.31.20.in-addr.arpa    udp
US       8.8.8.8:53   2.136.104.51.in-addr.arpa    udp
US       8.8.8.8:53   50.23.12.20.in-addr.arpa     udp
US       8.8.8.8:53   15.164.165.52.in-addr.arpa   udp
US       8.8.8.8:53   26.35.223.20.in-addr.arpa    udp
US       8.8.8.8:53   43.58.199.20.in-addr.arpa    udp
US       8.8.8.8:53   140.121.18.2.in-addr.arpa    udp
US       8.8.8.8:53   211.143.182.52.in-addr.arpa  udp

Files

memory/4008-133-0x0000000000A20000-0x0000000000B86000-memory.dmp

memory/4008-134-0x00000000055A0000-0x00000000055B0000-memory.dmp

memory/4008-135-0x0000000008820000-0x0000000008828000-memory.dmp

memory/4008-136-0x00000000088B0000-0x00000000088E8000-memory.dmp

memory/4008-137-0x0000000008880000-0x000000000888E000-memory.dmp

memory/4008-138-0x00000000055A0000-0x00000000055B0000-memory.dmp

memory/4008-139-0x00000000055A0000-0x00000000055B0000-memory.dmp

memory/4008-140-0x00000000055A0000-0x00000000055B0000-memory.dmp

memory/4008-141-0x00000000055A0000-0x00000000055B0000-memory.dmp