shurk | 7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f

Analysis

Target

7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f.exe
Size

6.1MB
MD5

a5404c0083177484a60748e3d3a73f11
SHA1

653f556af689af89e86b322af5af46b33f9ddbda
SHA256

7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f
SHA512

160dc9b02c45c4cdf09bed2b623d62994047e040ef22eb43ec496daa2b498c75780c2814b800c1421736d677d52a35acf7b144a3b274a674a627a87a91559368

Score

10^/10

Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
infostealer shurk

Shurk Stealer Payload 1 IoCs

resource	yara_rule
behavioral1/memory/1464-54-0x00000000001A0000-0x00000000007BE000-memory.dmp	shurk_stealer

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1464-54-0x00000000001A0000-0x00000000007BE000-memory.dmp	vmprotect

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1464	7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f.exe
1464	7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f.exe

C:\Users\Admin\AppData\Local\Temp\7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f.exe
"C:\Users\Admin\AppData\Local\Temp\7288587d69860d8b9567b6cb411b1cb134a177c7c5e49d0c8cccac3f709dcf8f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1464

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1464-54-0x00000000001A0000-0x00000000007BE000-memory.dmp

Filesize
6.1MB

Download