Extracted

• • Target

    f4139d1d3f3fb68c221b9c63ad30b560420959803ab3011de83c4028213e96c6

  • Size

    25.5MB

  • MD5

    ad9eddce12966e365ddb9b7fdae91340

  • SHA1

    7f7bc6ceb99c67e01423c6f171df03f92771224e

  • SHA256

    f4139d1d3f3fb68c221b9c63ad30b560420959803ab3011de83c4028213e96c6

  • SHA512

    82932ed99e4a87730b3fda8d4bff0cae261dede6a36a25eae670b10f7d2b6903c2576b4cf8f9d263d9ec8ff22a05b967e039e0d299195bb6aad7f0445bdf2522

  • SSDEEP

    98304:blQKxQh+98myGsy1slENtrE7pQ8kq34vEStCAsDrP7J8yStyBCWLRV7VtC4bksxW:xQPY9mgGvkHEAsdtLRVRXgFqKQbEZxRD

  Score

  10^/10

  aurorashurkinfostealerstealer

  • Aurora

    Aurora is a crypto wallet stealer written in Golang.

    stealeraurora

  • Shurk

    Shurk is an infostealer, written in C++ which appeared in 2021.

    infostealershurk

  • Shurk Stealer payload

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2