Analysis
- max time kernel: 147s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-12-2023 10:01
Behavioral task: behavioral1
- Sample: d78f6e614c824121dfca6db7d69f2319.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: d78f6e614c824121dfca6db7d69f2319.exe
- Resource: win10v2004-20231215-en
General
- Target: d78f6e614c824121dfca6db7d69f2319.exe
- Size: 472KB
- MD5: d78f6e614c824121dfca6db7d69f2319
- SHA1: 084951271b3ab0292a9719a56463b7ff58db95ae
- SHA256: 8a548ac448370ff5c00b77e1f4592c9c0934087f729ee57f547e34e03792f2c1
- SHA512: d7e58dac654e719f27133c0a097f88da90b4de12b65167af9b44605a81c77100fadfed30a7ab6eed019d995570649cd5e0d442093e2cdb615bc8ab9f0b10e17b
- SSDEEP: 12288:769T4U4+vKZhrTko73ri3CXEiFqrVVSP4pJDalpS6Xq2EVGfdm:7WTkqKfrTko77i3CXEigVVSPrlpSy/
Malware Config
Signatures
- Shurk
  Shurk is an infostealer written in C++ that appeared in 2021.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid   process
  2064  d78f6e614c824121dfca6db7d69f2319.exe
  2064  d78f6e614c824121dfca6db7d69f2319.exe