Overview

overview

10

Static

static

10

2024-06-24...ch.exe

windows7-x64

1

2024-06-24...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-06-24_8cc716ca671d1fcdf2ac74ddea807572_ngrbot_poet-rat_snatch

  • Size

    14.2MB

  • Sample

    240624-bw79watbjc

  • MD5

    8cc716ca671d1fcdf2ac74ddea807572

  • SHA1

    cf259ccc5c988176330be8a09e4b4daa89e37016

  • SHA256

    7776a6fbb3b3f62999ae1cf161f2f24dbf293b64e5318cbe01cc896e8b94a5cd

  • SHA512

    6efc88379b6efde4c14cb73c3806d833dab4533a45dac8027d3295e440143f203d01044bd46fff5cee665112059696afa08d8221d8cd9d1e04c0f9dc3fc86813

  • SSDEEP

    196608:uwtgC4XNzUQSl/46ilCVja1nNwaDx7cfOTwikF41zxJ4VuWw:uWgf36isM1eaDYOTwD4Nr4Vu

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1238037759172677703/rKp9kf1vq9un4cYkXgVxTBjN0xe14L5JjHXRHQdqnx5G8M9mmbHi-MtgKRzSMsD9jOEb

Targets

    • Target

      2024-06-24_8cc716ca671d1fcdf2ac74ddea807572_ngrbot_poet-rat_snatch

    • Size

      14.2MB

    • MD5

      8cc716ca671d1fcdf2ac74ddea807572

    • SHA1

      cf259ccc5c988176330be8a09e4b4daa89e37016

    • SHA256

      7776a6fbb3b3f62999ae1cf161f2f24dbf293b64e5318cbe01cc896e8b94a5cd

    • SHA512

      6efc88379b6efde4c14cb73c3806d833dab4533a45dac8027d3295e440143f203d01044bd46fff5cee665112059696afa08d8221d8cd9d1e04c0f9dc3fc86813

    • SSDEEP

      196608:uwtgC4XNzUQSl/46ilCVja1nNwaDx7cfOTwikF41zxJ4VuWw:uWgf36isM1eaDYOTwD4Nr4Vu

    Score
    10/10
    skuldpersistencestealer

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks