General
-
Target
914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e
-
Size
9.8MB
-
Sample
240820-g9818a1erp
-
MD5
764647736f890ef13f918079dc9d72cf
-
SHA1
1709f276759093323650d98d724124f9906adb05
-
SHA256
914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e
-
SHA512
f766939786f1ee13a7e8fd04eaec0c4371f1ca100610c3bf224578cb25070aed7b93cd187bf6e4c89113de996bd97ee054714fa7f43bb2ff3cc281fb20293f97
-
SSDEEP
196608:t9++KYyCBPgEdqiz0UKq3GaXcaK4PotqSOpsgymzgqae6WMr:kY9PgOlzLKq2GcP44ON2e6n
Static task
static1
Behavioral task
behavioral1
Sample
914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
914c9655900b5fe48a51e6814c32a72dad0eb315b9422d22412c0349d918009e
-
Disables RegEdit via registry modification
-
Event Triggered Execution: Image File Execution Options Injection
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Pre-OS Boot (1)
Bootkit (1)
Privilege Escalation
Event Triggered Execution (1)
Image File Execution Options Injection (1)