Resubmissions

11-07-2023 15:07

230711-shb3yshf25 10

11-07-2023 05:05

230711-fqw2waed46 10

General

  • Target

    Setup.exe

  • Size

    7.0MB

  • Sample

    230711-fqw2waed46

  • MD5

    7a7728a6ed63717026afc70d90780d54

  • SHA1

    85861b46514cdb3fb55413af2f095455ff216747

  • SHA256

    9de0dfcf9baf669811374d2f6ed0a1182df8d0254cd210f6f2883c659014de5a

  • SHA512

    d9f877cf6e9f021069fd8e4d4623a944eb6bee34efa564cb64dfb3cdac9b756728c56e5b430e3f89606a49672917c503b19268d20594b95d3e15f1c244a39b43

  • SSDEEP

    98304:ZLALpP1WbQ5/HChxfi0kMmJ6BxLk61BFO7FyAAC053zfVjOTHif:ZLA1SQ5/HSxfi0bBOubvCY8TC

Malware Config

Targets

    • Shurk

      Shurk is an infostealer written in C++ that first appeared in 2021.

    • Shurk Stealer payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2

Tasks