shurk | 27b5f0fdff5f0c145b888f9647ef6358e6cda6affbb53650a63d1824555cb5a3 | Triage

Sharing

General

Target

NOSU.exe
Size

86KB
Sample

240908-pvgbnawfkm
MD5

402c6352fba5ee2006bb018342c72dc0
SHA1

06bc6949524a71ea300169b9b537f74a27699c29
SHA256

27b5f0fdff5f0c145b888f9647ef6358e6cda6affbb53650a63d1824555cb5a3
SHA512

bac367a7c27b94565bce577b9001df7d8d11410a86fe5b04d03cff81f2dcc16823463ef162b57292dbdc62d3daa671c5a5cd5df537a4c8bbba45d25686b3d51f
SSDEEP

384:Z0CBAU8pTNkdSSGC1TdwGNaXbb/UaHgGkE00PIYYN2g9DTUiJFnh:Z0wAbQaGNY0BYzg98izh

Score

10^/10

shurk discovery evasion execution infostealer trojan

Malware Config

Targets

- Target
  
  NOSU.exe
- Size
  
  86KB
- MD5
  
  402c6352fba5ee2006bb018342c72dc0
- SHA1
  
  06bc6949524a71ea300169b9b537f74a27699c29
- SHA256
  
  27b5f0fdff5f0c145b888f9647ef6358e6cda6affbb53650a63d1824555cb5a3
- SHA512
  
  bac367a7c27b94565bce577b9001df7d8d11410a86fe5b04d03cff81f2dcc16823463ef162b57292dbdc62d3daa671c5a5cd5df537a4c8bbba45d25686b3d51f
- SSDEEP
  
  384:Z0CBAU8pTNkdSSGC1TdwGNaXbb/UaHgGkE00PIYYN2g9DTUiJFnh:Z0wAbQaGNY0BYzg98izh
Score

10^/10

shurk discovery evasion execution infostealer trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

shurkdiscoveryevasionexecutioninfostealertrojan

behavioral2

shurkdiscoveryevasionexecutioninfostealertrojan