shurk | 6c914c50fac73c78b3fd196e7361dd5d3611a26a77dd2c2905ca946a30601000 | Triage

Submit
Reports

Overview

overview

Static

static

3

a2061e2151...44.exe

windows7-x64

a2061e2151...44.exe

windows10-2004-x64

Sharing

General

Target

a2003bd97dc1213350922c80f30c1993.bin
Size

14.1MB
Sample

230717-b53qrahg57
MD5

4b53641ee1e0aa6885df65d408dfc4be
SHA1

70db7b83f844712df278fd25419351ba24f2defe
SHA256

6c914c50fac73c78b3fd196e7361dd5d3611a26a77dd2c2905ca946a30601000
SHA512

ffb69bfc3ff5e707fe9e034e4c810a0817ddcdb22aaf149ed3afe149e42eed2bc7e273e3751704b03be10bbcb2d1da08d94af11de7766202d06a58cb307b2a12
SSDEEP

393216:2pE1hIjaueXwgHj2eSTdOXne6+6/BicEKvJ7E/IRz5bE35:2pdj9s9sIXnh+U8MvJ7E/I/bE35

Score

10^/10

shurk infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a2061e2151eab44f61c984475680cee2ae69325b4fa55aec57381f2390f97b44.exe

Resource

win7-20230712-en

shurk infostealer

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2061e2151eab44f61c984475680cee2ae69325b4fa55aec57381f2390f97b44.exe

Resource

win10v2004-20230703-en

shurk infostealer spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2061e2151eab44f61c984475680cee2ae69325b4fa55aec57381f2390f97b44.exe
- Size
  
  16.9MB
- MD5
  
  a2003bd97dc1213350922c80f30c1993
- SHA1
  
  4d69ba16bf5b456fd0f30bda7d4ca2f4acfc29d3
- SHA256
  
  a2061e2151eab44f61c984475680cee2ae69325b4fa55aec57381f2390f97b44
- SHA512
  
  73c6da611f124e6b31492ff9d25f6691d79d74596aeb7e877a6993d171b5b2715f536f3f965bbccc770472f02459e16f759f6ddb219a81410d1b86413aa871f1
- SSDEEP
  
  393216:0TQvE3PLny7Xq+4E0ZLlW3rBAtTkuk8LyKa1y3:0uQby7X/dALUVAz4n1
Score

10^/10

shurk infostealer spyware stealer
- Shurk
  Shurk is an infostealer, written in C++ which appeared in 2021.
  infostealer shurk
- Shurk Stealer payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

shurkinfostealer

behavioral2

shurkinfostealerspywarestealer

© 2018-2024

Terms | Privacy