shurk | 3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725

Analysis

Target

3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725.exe
Size

472KB
MD5

74d9427d5f06e83790361ce7c2cadd31
SHA1

608fc51e8b018264c8879528d9dd81bcd8319aa8
SHA256

3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725
SHA512

c4b3bab00dca72d4d0539084f3fa91d8c4606ef816d12e100fe88274cc12f9aea5dc1d82d3b65c7a15900a3d16a59f6478327cf2edec7fbe10a509bca312f928

Score

10^/10

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1304	3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725.exe

C:\Users\Admin\AppData\Local\Temp\3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725.exe
"C:\Users\Admin\AppData\Local\Temp\3dc83821af5e8c315cfe4c710e603bf776e866f99f41532dd280d411bc103725.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1304

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact