Resubmissions

12-07-2023 22:24

230712-2bgvaseg77 10

12-07-2023 22:17

230712-17bsgsfg4x 6

General

  • Target

    del.bat

  • Size

    25B

  • Sample

    230712-2bgvaseg77

  • MD5

    90982e304ae9cac175b8953d8dac1034

  • SHA1

    eabc2a4088796719de06f31fa7a086677dfa7c75

  • SHA256

    186c18ad276aa93b47ac826eef1925b9d15b0dc9cd6daf4c4ed89ba6df09b232

  • SHA512

    add6afd6dce66ffeb29519ea2daf326cb78dd9e19414d2428eba1cbd39a849dfe9a5d1918117b9469625b5233d45932b22b234ba5dc4eb4ed5cacae09d9bf3af

Malware Config

Targets

    • Shurk

      Shurk is an infostealer written in C++ that first appeared in 2021.

    • Shurk Stealer payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks