shurk | 9de0dfcf9baf669811374d2f6ed0a1182df8d0254cd210f6f2883c659014de5a | Triage

Submit
Reports

Overview

overview

Static

static

3

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

Resubmissions

11-07-2023 15:07

230711-shb3yshf25 10

11-07-2023 05:05

230711-fqw2waed46 10

Sharing

General

Target

Setup.exe
Size

7.0MB
Sample

230711-shb3yshf25
MD5

7a7728a6ed63717026afc70d90780d54
SHA1

85861b46514cdb3fb55413af2f095455ff216747
SHA256

9de0dfcf9baf669811374d2f6ed0a1182df8d0254cd210f6f2883c659014de5a
SHA512

d9f877cf6e9f021069fd8e4d4623a944eb6bee34efa564cb64dfb3cdac9b756728c56e5b430e3f89606a49672917c503b19268d20594b95d3e15f1c244a39b43
SSDEEP

98304:ZLALpP1WbQ5/HChxfi0kMmJ6BxLk61BFO7FyAAC053zfVjOTHif:ZLA1SQ5/HSxfi0bBOubvCY8TC

Score

10^/10

shurk infostealer spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20230703-en

shurk infostealer spyware stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20230703-en

shurk infostealer spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  7.0MB
- MD5
  
  7a7728a6ed63717026afc70d90780d54
- SHA1
  
  85861b46514cdb3fb55413af2f095455ff216747
- SHA256
  
  9de0dfcf9baf669811374d2f6ed0a1182df8d0254cd210f6f2883c659014de5a
- SHA512
  
  d9f877cf6e9f021069fd8e4d4623a944eb6bee34efa564cb64dfb3cdac9b756728c56e5b430e3f89606a49672917c503b19268d20594b95d3e15f1c244a39b43
- SSDEEP
  
  98304:ZLALpP1WbQ5/HChxfi0kMmJ6BxLk61BFO7FyAAC053zfVjOTHif:ZLA1SQ5/HSxfi0bBOubvCY8TC
Score

10^/10

shurk infostealer spyware stealer upx
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Shurk Stealer payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

shurkinfostealerspywarestealerupx

behavioral2

shurkinfostealerspywarestealerupx

© 2018-2024

Terms | Privacy