General

  • Target

    0cc485ab5c00ba95759d821215475fa2ef7d6e682cb53b97a3a7c90dd0d42c3b

  • Size

    732KB

  • Sample

    220311-egfsvsahbn

  • MD5

    32f6f764b86b1a3ad33e2c1b66f691c6

  • SHA1

    7baadaa212daf9fa2ef6646410cf28a8301b9db4

  • SHA256

    0cc485ab5c00ba95759d821215475fa2ef7d6e682cb53b97a3a7c90dd0d42c3b

  • SHA512

    64ff433c41803196e88dd4de4825edac36a99a936600db350ac360c96f40532c8544006d6d4cf84c7d09158cf35d5e68995a9f828945fb000fee99081a23281f

Malware Config

Targets

    • Target

      0cc485ab5c00ba95759d821215475fa2ef7d6e682cb53b97a3a7c90dd0d42c3b

    • Shurk

      Shurk is an infostealer written in C++ that first appeared in 2021.

    • Shurk Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and session tokens.
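The hashes listed above are the only indicators this report carries, so the practical use of the page is matching a file found on disk or in mail against them. The following is an added example, not code from the report or the sandbox: it computes all four digests in a single pass over the file, validates the IOC set for copy errors (wrong length, non-hex characters) before trusting it, and compares case-insensitively. The `REPORT_IOCS` dict is this report's hashes; the `"abc"` input in the usage note below is constructed test data, not a sample.

```python
import hashlib
import io
from typing import BinaryIO

# Hashes of the sample as listed in this report (the SHA256 doubles as the Target ID).
REPORT_IOCS = {
    "md5": "32f6f764b86b1a3ad33e2c1b66f691c6",
    "sha1": "7baadaa212daf9fa2ef6646410cf28a8301b9db4",
    "sha256": "0cc485ab5c00ba95759d821215475fa2ef7d6e682cb53b97a3a7c90dd0d42c3b",
    "sha512": "64ff433c41803196e88dd4de4825edac36a99a936600db350ac360c96f40532c"
              "8544006d6d4cf84c7d09158cf35d5e68995a9f828945fb000fee99081a23281f",
}

# Expected hex-digest lengths per algorithm; used to catch truncated or mis-copied IOCs.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs: dict) -> list:
    """Return a list of problems with an IOC set; an empty list means it is usable."""
    problems = []
    for algo, value in iocs.items():
        expected = DIGEST_HEX_LEN.get(algo)
        if expected is None:
            problems.append(f"{algo}: unsupported algorithm")
            continue
        if len(value) != expected:
            problems.append(f"{algo}: expected {expected} hex chars, got {len(value)}")
        try:
            bytes.fromhex(value)
        except ValueError:
            problems.append(f"{algo}: value is not hexadecimal")
    return problems


def digest_stream(fp: BinaryIO, chunk_size: int = 1 << 20) -> dict:
    """Compute MD5, SHA1, SHA256 and SHA512 in one pass over a binary file object.

    Reading in chunks keeps memory flat for large files; every hasher sees each chunk once.
    """
    hashers = {algo: hashlib.new(algo) for algo in DIGEST_HEX_LEN}
    while True:
        chunk = fp.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def digest_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (e.g. a mail attachment already in RAM)."""
    return digest_stream(io.BytesIO(data))


def match_iocs(digests: dict, iocs: dict) -> dict:
    """Per-algorithm match result, compared case-insensitively, for algorithms present in both."""
    return {algo: digests[algo].lower() == iocs[algo].lower()
            for algo in iocs if algo in digests}


def scan_file(path: str, iocs: dict = REPORT_IOCS) -> dict:
    """Hash a file on disk and compare it against an IOC set; refuses a malformed IOC set."""
    problems = validate_iocs(iocs)
    if problems:
        raise ValueError("bad IOC set: " + "; ".join(problems))
    with open(path, "rb") as fp:
        return match_iocs(digest_stream(fp), iocs)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        result = scan_file(target)
        verdict = "MATCH" if any(result.values()) else "no match"
        print(f"{target}: {verdict} {result}")
```

Run it as `python iocscan.py suspicious.exe`. A partial match (one algorithm true, the others false) never happens for a genuine file and points at a corrupted IOC entry, which is why `validate_iocs` runs before any hashing.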

MITRE ATT&CK Enterprise v6

Tasks