skuld | 9a04cf68c8bdf577d27658c7e84be1ccf6122bf6208ab1300e1d9803fd065748 | Triage

Sharing

General

Target

niggahater.exe
Size

9.3MB
Sample

240624-wbmgwsvbrh
MD5

fc68d81900b7bf69d8d8b1f3119f45a2
SHA1

6b8016a4249fc9a6775de5f06ebc592c2bedb99e
SHA256

9a04cf68c8bdf577d27658c7e84be1ccf6122bf6208ab1300e1d9803fd065748
SHA512

21e111e52f951cac84ad7751cc088afc526b7aeb612dd57515f3e2aae758f92b84ff47d00a16b5cb21acef432aeafbb532231379a28e874008ef883bccbfdfe0
SSDEEP

98304:4SDHIt0tY1iZ9t292M5AueUfEBv1aIiivmXe:Xot0tU2M5AXU8huX

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1242897203878690918/3TJ-b5Y1hE8vdA1jciurp1SRLYdg0seUEpr6gPy5i4GjM535DSt29zAtN9Y3olfzBn9t

Targets

- Target
  
  niggahater.exe
- Size
  
  9.3MB
- MD5
  
  fc68d81900b7bf69d8d8b1f3119f45a2
- SHA1
  
  6b8016a4249fc9a6775de5f06ebc592c2bedb99e
- SHA256
  
  9a04cf68c8bdf577d27658c7e84be1ccf6122bf6208ab1300e1d9803fd065748
- SHA512
  
  21e111e52f951cac84ad7751cc088afc526b7aeb612dd57515f3e2aae758f92b84ff47d00a16b5cb21acef432aeafbb532231379a28e874008ef883bccbfdfe0
- SSDEEP
  
  98304:4SDHIt0tY1iZ9t292M5AueUfEBv1aIiivmXe:Xot0tU2M5AXU8huX
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skuldpersistencestealer