shurk | 6cdefe842611b0f9fea4571bc07ff0de77740f440115852436f4afd1324e981a

Resubmissions

24-08-2021 11:16

210824-cr7ejlmq52 10

24-08-2021 11:10

210824-h5xzl36re6 10

24-08-2021 10:57

210824-r8ta8bdd7n 10

Analysis

max time kernel
15s
max time network
150s
platform
windows10_x64
resource
win10v20210408
submitted
24-08-2021 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

payload.bin.exe
Size

472KB
MD5

a89b5a1a3c1a93488c80c0068fa16109
SHA1

adeb69a80fe2bf50fd4ce269cc061a92b7ea7314
SHA256

6cdefe842611b0f9fea4571bc07ff0de77740f440115852436f4afd1324e981a
SHA512

c9ad3935a82af2c10c7db9e2a5b83e498de7fa8864b81db33798b629aeff72ce8a5b0dcd66ddf595c608bd87e0b9a94f70fef53f58d506095dbdcb4a8416061e

Score

10^/10

shurk infostealer spyware stealer

Malware Config

Signatures

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
640	payload.bin.exe
640	payload.bin.exe

C:\Users\Admin\AppData\Local\Temp\payload.bin.exe
"C:\Users\Admin\AppData\Local\Temp\payload.bin.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads