General
-
Target
skuld.exe
-
Size
9.5MB
-
Sample
240511-kk4lzshe5z
-
MD5
9aa0a7fe9d6c1d63afba8737d74db883
-
SHA1
dfcf414f0dc9000ed20e3e890420938fba44832f
-
SHA256
447639dd4a5ea773eca0a2c73ba0f24e506ddf1fd209def728909e37bcfe01fa
-
SHA512
98c26a483b2ec3b2829cd4801f436b0c6accf28f221506e88528102cd0dba988e2a4e87492cf31f8da232675afd0363ec2e76cf85c81b91aaa4b9e76b476f83b
-
SSDEEP
98304:88tIBGYnVpvuiIjEN0xS5XGWE6IpSF8SejC:3oGYnLNVN0xSVGT6IOejC
Malware Config
Targets
-
-
Target
skuld.exe
-
Size
9.5MB
-
MD5
9aa0a7fe9d6c1d63afba8737d74db883
-
SHA1
dfcf414f0dc9000ed20e3e890420938fba44832f
-
SHA256
447639dd4a5ea773eca0a2c73ba0f24e506ddf1fd209def728909e37bcfe01fa
-
SHA512
98c26a483b2ec3b2829cd4801f436b0c6accf28f221506e88528102cd0dba988e2a4e87492cf31f8da232675afd0363ec2e76cf85c81b91aaa4b9e76b476f83b
-
SSDEEP
98304:88tIBGYnVpvuiIjEN0xS5XGWE6IpSF8SejC:3oGYnLNVN0xSVGT6IOejC
Score8/10-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Hide Artifacts
1Hidden Files and Directories
1