Overview

overview

10

Static

static

3

NOSU.exe

windows7-x64

10

NOSU.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NOSU.exe

  • Size

    86KB

  • Sample

    240908-qaq6ssxdrk

  • MD5

    d5aebbb30b6b622ab2f6c0f9956395f2

  • SHA1

    b89cd9e3a2d5baa995c1bffbf183ba3fe48e47a1

  • SHA256

    266ec9b6c8f07ba35e7f7c1223583a6b78770f2647b8fdd1af7b1a5af18d4f9d

  • SHA512

    a1579b6f40c539d233368fd41b1af1226c63c596d19492f7adb0ac26319bac82e4adb8b0fc30c2dd20562a253d195311ab600d25b095a321deaa7fe25b9140ef

  • SSDEEP

    384:G0CpAU8pTNkdSSGC1TdwGNaXbb/UaHgGkE00PIYTNxg9DTUiJFnh:G04AbQaGNY0BY/g98izh

Score
10/10
shurkdiscoveryevasionexecutioninfostealertrojan

Malware Config

Targets

    • Target

      NOSU.exe

    • Size

      86KB

    • MD5

      d5aebbb30b6b622ab2f6c0f9956395f2

    • SHA1

      b89cd9e3a2d5baa995c1bffbf183ba3fe48e47a1

    • SHA256

      266ec9b6c8f07ba35e7f7c1223583a6b78770f2647b8fdd1af7b1a5af18d4f9d

    • SHA512

      a1579b6f40c539d233368fd41b1af1226c63c596d19492f7adb0ac26319bac82e4adb8b0fc30c2dd20562a253d195311ab600d25b095a321deaa7fe25b9140ef

    • SSDEEP

      384:G0CpAU8pTNkdSSGC1TdwGNaXbb/UaHgGkE00PIYTNxg9DTUiJFnh:G04AbQaGNY0BY/g98izh

    Score
    10/10
    shurkdiscoveryevasionexecutioninfostealertrojan

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Shurk

      Shurk is an infostealer, written in C++ which appeared in 2021.

      infostealershurk

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Disables RegEdit via registry modification

      evasion

    • Disables Task Manager via registry modification

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks