Overview

overview

10

Static

static

8

1256bf2bd1...47.exe

windows7_x64

10

1256bf2bd1...47.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1256bf2bd1e32727eb158c22208864325f73a00dba20d71d17f5703c3fc1e347

  • Size

    6.4MB

  • Sample

    211229-q82eesehe5

  • MD5

    5b8ca4452a18ad1b518fcaf80d5d71fb

  • SHA1

    432b84e875658bfe8536fe86dbc7046565495a24

  • SHA256

    1256bf2bd1e32727eb158c22208864325f73a00dba20d71d17f5703c3fc1e347

  • SHA512

    6ccc0bb2e9b075c260982bce6a1731ea9f2804203b4e67bb6340fe9397b332feef41dcaa851d6e205cebe986f0218e10332d69c01d66b666263a48b3135de46f

Score
10/10
shurkinfostealervmprotect

Malware Config

Targets

    • Target

      1256bf2bd1e32727eb158c22208864325f73a00dba20d71d17f5703c3fc1e347

    • Size

      6.4MB

    • MD5

      5b8ca4452a18ad1b518fcaf80d5d71fb

    • SHA1

      432b84e875658bfe8536fe86dbc7046565495a24

    • SHA256

      1256bf2bd1e32727eb158c22208864325f73a00dba20d71d17f5703c3fc1e347

    • SHA512

      6ccc0bb2e9b075c260982bce6a1731ea9f2804203b4e67bb6340fe9397b332feef41dcaa851d6e205cebe986f0218e10332d69c01d66b666263a48b3135de46f

    Score
    10/10
    shurkinfostealervmprotect

    • Shurk

      Shurk is an infostealer, written in C++ which appeared in 2021.

      infostealershurk

    • Shurk Stealer Payload

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

      vmprotect

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks