General

  • Target

    CoolR6.exe

  • Size

    17.6MB

  • Sample

    240804-yt4v1ayeqf

  • MD5

    6fdd3c3462d1a4a39b9fb67af06395db

  • SHA1

    7f06a83384d4d79b570db166cb91daf5afe82bf2

  • SHA256

    5781c5466d7da49fd3e1bf1d69794a52b4fa77c173bb5127198b55923e3d7d54

  • SHA512

    93299f7be003ffe93ba25745b9a5b5ed795cf6a6b2f3bf1c05d85c68899f1c1cba0b8f28118048172c5a2de4b6d221ccdfd30684ebdde1b01857857c1adbc846

  • SSDEEP

    393216:ELQtsuwT+X41+TtIiFq8uARuAQsFXmb6CqzWImE:8QtsH6o1QtI18uAgs8yCxE

Malware Config

Targets

    • Shurk

      Shurk is an infostealer written in C++ that appeared in 2021.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks