skuld | 9756e20697023876ef8e570658d2b35bed2548bf05c124b2f96f6203dae243c7 | Triage

Sharing

General

Target

main.exe
Size

14.2MB
Sample

240621-1tlqjasdpc
MD5

2d48e14160b815234bfcc517f6500231
SHA1

381c3152ca6ad548ea2bd8a83423e6e4bfe5508b
SHA256

9756e20697023876ef8e570658d2b35bed2548bf05c124b2f96f6203dae243c7
SHA512

9c2c38a399c8d985ee058814bf87dad90347aed7faf2c9597f011da63fd7f6f6d405e689cf3be3c108f675bf4589ff078a8ecb2dba1bafc15aaa1ce9458e31b8
SSDEEP

196608:IMhP4WgzpUmKAU/o4z3wVSIPLFFrL0AGtWT6U:IyP2mo40HLvL7Gty

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1253813102223298560/O-L6iguyX5rluzD2U1_iyLQ7zm9faaFnF1M8hhYXbMbx7q6jl_GsrV427yX8oo062mN0

Targets

- Target
  
  main.exe
- Size
  
  14.2MB
- MD5
  
  2d48e14160b815234bfcc517f6500231
- SHA1
  
  381c3152ca6ad548ea2bd8a83423e6e4bfe5508b
- SHA256
  
  9756e20697023876ef8e570658d2b35bed2548bf05c124b2f96f6203dae243c7
- SHA512
  
  9c2c38a399c8d985ee058814bf87dad90347aed7faf2c9597f011da63fd7f6f6d405e689cf3be3c108f675bf4589ff078a8ecb2dba1bafc15aaa1ce9458e31b8
- SSDEEP
  
  196608:IMhP4WgzpUmKAU/o4z3wVSIPLFFrL0AGtWT6U:IyP2mo40HLvL7Gty
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skuldpersistencestealer