Resubmissions

  • 20-02-2024 00:51: 240220-a7p21agc7s (10)
  • 20-02-2024 00:39: 240220-azyzyagg33 (10)

General

  • Target: AIMr.exe
  • Size: 8.7MB
  • Sample: 240220-azyzyagg33
  • MD5: a0e21fe8f23d8e9d129df06fb6d13636
  • SHA1: ffc6c8be542c112dcb9bb55114df82cf440192c4
  • SHA256: 754cdfe578fd727a22d985d006913e4f6f89c209fa7d85401449b0f4ecc6179e
  • SHA512: 3e7c35b1b7b1713b379665d11fb6cffdb12b5b8108b1d0e46071db629a4514dcd5478ca83a5b320bf108d35f1c693bb6dbbe1b14bae3ddce1b5189c296a51498
  • SSDEEP: 196608:jwbvW0jj51W903eV4QJ7MToEuGxgh858F0ibfULlgABfRk90Ql9:U60jj/W+eGQJ7MTozGxu8C0ibfAi3n

Malware Config

Targets

    • Target: AIMr.exe
    • Size: 8.7MB


    • Shurk
      Shurk is an infostealer written in C++ that appeared in 2021.
    • Downloads MZ/PE file
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Registers COM server for autorun
    • Adds Run key to start application
    • Blocklisted process makes network request
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.
    • Legitimate hosting services abused for malware hosting/C2

    • Target: AIMr for exe.pyc
    • Size: 8KB
    • MD5: 806178d84f0ffd9322588a895c9f0ca1
    • SHA1: 19d7d0629d78f3203c6249508127d5d59226fa16
    • SHA256: e2f88358c6d5d884418cf35d2b05878996c6b0989ab1cdda08423d5564c31f93
    • SHA512: de0752ac08c0114dbc9247971174040551ef8f381616b2f130580b27953836a28b017f537f59819e6ee21f7b849832160d07692c78af6e5c562f1bae67e3a5db
    • SSDEEP: 192:6QW/WtrxIW0RjOkUFyfIngoARyjT/XE/rcfjMLgNkA4hhU:6Q0WZSVyFh0RyjT/0DcfjML24ha

    Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • Boot or Logon Autostart Execution (T1547): 2
  • Registry Run Keys / Startup Folder (T1547.001): 2

Privilege Escalation
  • Boot or Logon Autostart Execution (T1547): 2
  • Registry Run Keys / Startup Folder (T1547.001): 2

Defense Evasion
  • Modify Registry (T1112): 1

Discovery
  • Query Registry (T1012): 5
  • System Information Discovery (T1082): 5
  • Peripheral Device Discovery (T1120): 1

Command and Control
  • Web Service (T1102): 1
