shurk | 74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216 | Triage

Submit
Reports

Overview

overview

Static

static

74092ed53b...16.exe

windows7_x64

74092ed53b...16.exe

windows10_x64

Sharing

General

Target

74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216
Size

1.8MB
Sample

211229-q9hcyaehf9
MD5

6c6e76d71006c755fc2fee38fc08e109
SHA1

2b77a52e4c1cae8ba6cf952a6d9b664e729231ea
SHA256

74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216
SHA512

ec3a9d2716fb1bb0fb3cdd55464fa91bce0abbf24ab539f90dbc3bb723781b98c64ce423c2fbba1666be49d192c75fce9033288a6ce80726fc2a6b2e77bda21b

Score

10^/10

shurk evasion infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216.exe

Resource

win7-en-20211208

shurk evasion infostealer spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216.exe

Resource

win10-en-20211208

shurk evasion infostealer spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216
- Size
  
  1.8MB
- MD5
  
  6c6e76d71006c755fc2fee38fc08e109
- SHA1
  
  2b77a52e4c1cae8ba6cf952a6d9b664e729231ea
- SHA256
  
  74092ed53b8950bef5b21cd6c91a217ce470c566ba5cc3035e4ee7ef1ca8d216
- SHA512
  
  ec3a9d2716fb1bb0fb3cdd55464fa91bce0abbf24ab539f90dbc3bb723781b98c64ce423c2fbba1666be49d192c75fce9033288a6ce80726fc2a6b2e77bda21b
Score

10^/10

shurk evasion infostealer spyware stealer trojan
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Shurk Stealer Payload
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

shurkevasioninfostealerspywarestealertrojan

behavioral2

shurkevasioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy