shurk | 26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322 | Triage

Submit
Reports

Overview

overview

Static

static

26e8e4ec16...22.exe

windows7-x64

26e8e4ec16...22.exe

windows10-2004-x64

Sharing

General

Target

26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322
Size

1.5MB
Sample

221130-t7yhxsgd34
MD5

624cc456a092da6c9e6743ae6c8e23ae
SHA1

dce5d9d408802275eed56373aef0fd49053984e2
SHA256

26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322
SHA512

3e480419934d2c03e7499a9f79118638b6a8dd91ed744c08a5040c75a67ecd1d26cd64f6fba7070fcb32d2936991fd85e373fccd106d2dada9dbc599fbccbb11
SSDEEP

12288:anjVXpKgCPfJ5joXK2LUxv7VNdr1GI1xc8a+FwEwCGgRhde12kVSC4jkS695Dn19:YCHJ57xpLpLc8mEwCxL3kz9pn

Score

10^/10

shurk infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322.exe

Resource

win7-20220901-en

shurk infostealer spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322.exe

Resource

win10v2004-20220812-en

shurk infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322
- Size
  
  1.5MB
- MD5
  
  624cc456a092da6c9e6743ae6c8e23ae
- SHA1
  
  dce5d9d408802275eed56373aef0fd49053984e2
- SHA256
  
  26e8e4ec167b6ab37ae7070e7dfccc0182e5987c914e55e043c5704dd8a36322
- SHA512
  
  3e480419934d2c03e7499a9f79118638b6a8dd91ed744c08a5040c75a67ecd1d26cd64f6fba7070fcb32d2936991fd85e373fccd106d2dada9dbc599fbccbb11
- SSDEEP
  
  12288:anjVXpKgCPfJ5joXK2LUxv7VNdr1GI1xc8a+FwEwCGgRhde12kVSC4jkS695Dn19:YCHJ57xpLpLc8mEwCxL3kz9pn
Score

10^/10

shurk infostealer spyware stealer
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Shurk Stealer payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

shurkinfostealerspywarestealer

behavioral2

shurkinfostealerspywarestealer

© 2018-2024

Terms | Privacy