Overview

overview

10

Static

static

10

f4139d1d3f...c6.exe

windows7-x64

10

f4139d1d3f...c6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4139d1d3f3fb68c221b9c63ad30b560420959803ab3011de83c4028213e96c6

  • Size

    25.5MB

  • Sample

    240304-xc174saa51

  • MD5

    ad9eddce12966e365ddb9b7fdae91340

  • SHA1

    7f7bc6ceb99c67e01423c6f171df03f92771224e

  • SHA256

    f4139d1d3f3fb68c221b9c63ad30b560420959803ab3011de83c4028213e96c6

  • SHA512

    82932ed99e4a87730b3fda8d4bff0cae261dede6a36a25eae670b10f7d2b6903c2576b4cf8f9d263d9ec8ff22a05b967e039e0d299195bb6aad7f0445bdf2522

  • SSDEEP

    98304:blQKxQh+98myGsy1slENtrE7pQ8kq34vEStCAsDrP7J8yStyBCWLRV7VtC4bksxW:xQPY9mgGvkHEAsdtLRVRXgFqKQbEZxRD

Score
10/10
aurorashurkinfostealerstealer

Malware Config

Extracted

Language
ps1
Source
URLs
ps1.dropper

https://rentry.org/sb54d2/raw

Targets

    • Target

      f4139d1d3f3fb68c221b9c63ad30b560420959803ab3011de83c4028213e96c6

    • Size

      25.5MB

    • MD5

      ad9eddce12966e365ddb9b7fdae91340

    • SHA1

      7f7bc6ceb99c67e01423c6f171df03f92771224e

    • SHA256

      f4139d1d3f3fb68c221b9c63ad30b560420959803ab3011de83c4028213e96c6

    • SHA512

      82932ed99e4a87730b3fda8d4bff0cae261dede6a36a25eae670b10f7d2b6903c2576b4cf8f9d263d9ec8ff22a05b967e039e0d299195bb6aad7f0445bdf2522

    • SSDEEP

      98304:blQKxQh+98myGsy1slENtrE7pQ8kq34vEStCAsDrP7J8yStyBCWLRV7VtC4bksxW:xQPY9mgGvkHEAsdtLRVRXgFqKQbEZxRD

    Score
    10/10
    aurorashurkinfostealerstealer

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

      stealeraurora

    • Shurk

      Shurk is an infostealer, written in C++ which appeared in 2021.

      infostealershurk

    • Shurk Stealer payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks