General
-
Target
fecbec287420f4478ef41f68fc9db23c3653a95ff92d384f1eb6e1400306598d
-
Size
2.6MB
-
Sample
220708-t9q7maaehk
-
MD5
0e6afcd095ed048bf3b058ff8dff868b
-
SHA1
f2a08a7c5b9bda0f1b224b40b653b495e6e4b777
-
SHA256
fecbec287420f4478ef41f68fc9db23c3653a95ff92d384f1eb6e1400306598d
-
SHA512
f878424d911ebce64934efa4563abe2a842841891de1bc79909022b8e6130cfe9108044fb600a389faa3916ba3f0a78163a18609f47de624a1c850dfe61df07b
Malware Config
Targets
-
-
Target
fecbec287420f4478ef41f68fc9db23c3653a95ff92d384f1eb6e1400306598d
-
Size
2.6MB
-
MD5
0e6afcd095ed048bf3b058ff8dff868b
-
SHA1
f2a08a7c5b9bda0f1b224b40b653b495e6e4b777
-
SHA256
fecbec287420f4478ef41f68fc9db23c3653a95ff92d384f1eb6e1400306598d
-
SHA512
f878424d911ebce64934efa4563abe2a842841891de1bc79909022b8e6130cfe9108044fb600a389faa3916ba3f0a78163a18609f47de624a1c850dfe61df07b
Score10/10-
Shurk
Shurk is an infostealer, written in C++ which appeared in 2021.
-
Shurk Stealer payload
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-