General

  • Target

    Launcher.bin.zip

  • Size

    8.3MB

  • Sample

    230811-cydnqaca5v

  • MD5

    6d747009f18edd6fdbda914f2b2ab519

  • SHA1

    5590136d002c473ed365da4891db99a2b9279aa9

  • SHA256

    5d664949d5e1ec3b32f6158556ba036bc72d4f62ce94ac214d53dd434287180b

  • SHA512

    2d7ad86740899630178fd3068444236201c24a374c8b1e3277893947eb92d4769cd84fb0394aa3eaa37987c904c855ccc18fd4342bb2cf3daba5c3874e2c247f

  • SSDEEP

    196608:3t40c8UvBeqd6arRFEGx5pXH9+/d6k2UZD0oY:O0cfZbd6aRFEGbpI/P2Io

Targets

    • Target

      Launcher.bin

    • Size

      11.5MB

    • MD5

      525eca0e85c3325eca5b5b3cfeacd241

    • SHA1

      809ff78b0c5a587672f993c6a15c98bdd36141c3

    • SHA256

      9f77929368d4760cdf6a905141622bce67b5c2e13f14b2e12ac8b658108ccdbb

    • SHA512

      c815f1393d61e4743317cbbaa2aec8d917e0cc20990b5afa8a5960db703bbbbb1c257d0322d301f15f933cb7a9bf07d7de927663a34420ff892a81ca3227c320

    • SSDEEP

      49152:+qRnLGu+sHczMYNYEBBMaS3H5KCKsntU6ZKC9sBcRLr1+ar9SgVfB1LlGrGOjk1s:sug

    • Shurk

      Shurk is an infostealer written in C++ that first appeared in 2021.

    • Shurk Stealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
