MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ShurkStealer


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c
SHA3-384 hash: 04c7676edfc5a108d5ab21d1f5c8d741c2bf8d807a5f66e770b9710fb429f7f60938fdbe6bf0767dda41e0e31831f0d5
SHA1 hash: c9c9c25f0f90048face442c607428cfbfdc3798b
MD5 hash: a7e7c55d763359f4b590ea4eec10b800
humanhash: ink-winter-hawaii-bravo
File name:mixazed_20210731-070734(1)
Download: download sample
Signature ShurkStealer
Create hunting rule
File size:440'480 bytes
First seen:2021-07-31 12:53:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep 6144:e/U771TbuciCpDrVoOdwruNfqpKkP2sv/3gh6CMqEfRYM43Tj6QdSkUvd:jIhCpDrVjD9qKU2NhynGj6QdSHvd
Threatray 9 similar samples on MalwareBazaar
TLSH T1999402E9BB84451FE9A547B0A80601F05A302D53AA26DA831C94711E1CBFFF979DF2C3
dhash icon d341daced6c0561c (1 x ShurkStealer)
Reporter benkow_
Tags:exe ShurkStealer


Avatar
benkow_
c2: 193.124.64.30
Shurk Steal
"$ Tyt mogla bit va reklama $ ;)"

Intelligence

File Origin
# of uploads :
1
# of downloads :
523
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
mixazed_20210731-070734(1)
Verdict:
Malicious activity
Analysis date:
2021-07-31 12:55:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ce7b4bc1-2e74-4a4e-99e9-08e019c7a559

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175479/
Detection(s):
SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/501467af-633f-44a5-a261-172d8e44a355
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/824921
Signature
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c/
Threat name:
ByteCode-MSIL.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-07-31 05:23:05 UTC
AV detection:
11 of 28 (39.29%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
1efa74e72060865ff07bda90c4f5d0c470dd20198de7144960c88cef248c4457
ShurkStealer
30af8d3ec685a4a5669f1377bb74589772a0428d9daa214c179a795dcf4b9030
ShurkStealer
5619c8395d506c05cebd14d6145c87a87e52b265a2442aa6dbea431f94c22eef
ShurkStealer
57b3bc2626b9c7fa3000e8be451e8b5799e39e0c9c957847467623a26e2c0652
ShurkStealer
70b80a1a24d526e456893f0185550c15c3d914deaf8ebaa02d8817a15aa5bf80
ShurkStealer
768ea597d760b5748bf05f48e81ba41b91a49f3943a0269c868b716e92dd232d
ShurkStealer
97488be036cb1cf1a500188d3449062f4f10d83afb57630a8f6497edb196dc21
ShurkStealer
b5188b0e21575407dbfc61df11d80353a6fec4f57098596b45e37bc746ba58e9
ShurkStealer
cf333d7bb01d28a0a43127cd5c86c8fdfa390c03565bc30fca6ea49b1ef0b7b6
ShurkStealer
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/210731-7n67a4h246/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
26d41402a16169b5d732c370cab98de6c1401ab928b6f58738781eac510bf4ee
MD5 hash:
264998f931d1e8fa08ff5f4a9daa117a
SHA1 hash:
c2a867015a5e0ca7c22c11908da5120d649c4d02
Link:
https://www.unpac.me/results/8b8638d0-cd95-4243-85b3-330236e276b8/
SH256 hash:
dac1e731c88e06b5d5118b342dad93858f8de086cf04438563a23c71aee3eea8
MD5 hash:
40ab1d4197b3fb42acb0a46568b0db7e
SHA1 hash:
1fc17164269968501f0090abb7c5532e413db2a4
Link:
https://www.unpac.me/results/8b8638d0-cd95-4243-85b3-330236e276b8/
SH256 hash:
7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c
MD5 hash:
a7e7c55d763359f4b590ea4eec10b800
SHA1 hash:
c9c9c25f0f90048face442c607428cfbfdc3798b
Link:
https://www.unpac.me/results/8b8638d0-cd95-4243-85b3-330236e276b8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ea4937a54c4f1373be662d2a8c3bb4aa34faf25dff90318921bdc5a5853524c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
GCleaner
  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/175479/

Comments