General

  • Target: 2279a2fc74c511633d4f497bb0b1411be114fbae287901e3f02139fd9c5d2346
  • Size: 732KB
  • Sample: 220328-sqzh8abdf8
  • MD5: fb79729e325c9615648e2298ad535bc8
  • SHA1: 29e07592fd1a162d8bc77078930c761e4da61a7e
  • SHA256: 2279a2fc74c511633d4f497bb0b1411be114fbae287901e3f02139fd9c5d2346
  • SHA512: 74b9a601076e54f58eea5d4d87d1a2e4246ead09e26d5c0574e9f03def030266474c2ac11013d666ddbf30559b49bee6ddc7b9067fd13c945dd3ff97a7544349

Malware Config

Targets

    • Shurk

      Shurk is an infostealer, written in C++, which appeared in 2021.

    • Shurk Stealer Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v6

Tasks