shurk | 2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5 | Triage

Analysis

max time kernel
151s
max time network
48s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-04-2022 02:05

Sharing

Report Analysis Logs

General

Target

2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5.exe
Size

163KB
MD5

9fe0656351ec0f02d92c9c9e80933714
SHA1

266147661e4139b68625d440f2a8dbf8eb649601
SHA256

2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5
SHA512

3b2d20de7ac23ad81f44692efd7b7a8660a9da9a83b7abbdc18ca69ed4e4b8bf795a68c7b63de2521c46504174043d63f7a3c20f4a0f159c14c056c0b751d9a5

Score

10^/10

shurk infostealer upx

Malware Config

Signatures

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

yara_rule
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\desktop.ini	2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\desktop.ini	2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\Desktop.ini	2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5.exe

C:\Users\Admin\AppData\Local\Temp\2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5.exe
"C:\Users\Admin\AppData\Local\Temp\2c4c99185b86dd77bcdb99a1b29cf8956c71955549f7883795e50563a7e135d5.exe"
1⤵
- Drops desktop.ini file(s)
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads