General

  • Target

    3466737690a5204b110c67c3a6be935e347b21a112fafe0784950cfe907450fc

  • Size

    7.0MB

  • Sample

    230129-w6ds8sad6y

  • MD5

    bfa692ee18e128450fd26efefbd4cef2

  • SHA1

    7a29eff8584ef211223f2ddf971901dfd8960be0

  • SHA256

    3466737690a5204b110c67c3a6be935e347b21a112fafe0784950cfe907450fc

  • SHA512

    2740e8bb9df2cae6a73a02b2aacd66d40423c95738a79d92a9d86f437bb220c406bdab3ee4444316f76cf5b95e5921068b615520b3b09e903d53b569b245108b

  • SSDEEP

    196608:OFQ4BExN3TxQGyl+a4hBAIyVXxsGVvZVfAv4ofw0mTf7X+dRgw:OFQ4ExlTxdyl+aCfsXrJZV+4J9OdCw

Malware Config

Targets

    • Shurk

      Shurk is an infostealer, written in C++, which appeared in 2021.

    • Shurk Stealer payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Enterprise v6
