shurk | 6cdefe842611b0f9fea4571bc07ff0de77740f440115852436f4afd1324e981a

Analysis

Target

payload.bin.exe
Size

472KB
MD5

a89b5a1a3c1a93488c80c0068fa16109
SHA1

adeb69a80fe2bf50fd4ce269cc061a92b7ea7314
SHA256

6cdefe842611b0f9fea4571bc07ff0de77740f440115852436f4afd1324e981a
SHA512

c9ad3935a82af2c10c7db9e2a5b83e498de7fa8864b81db33798b629aeff72ce8a5b0dcd66ddf595c608bd87e0b9a94f70fef53f58d506095dbdcb4a8416061e

Score

10^/10

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3176	payload.bin.exe
3176	payload.bin.exe

C:\Users\Admin\AppData\Local\Temp\payload.bin.exe
"C:\Users\Admin\AppData\Local\Temp\payload.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3176

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact