Overview

overview

10

Static

static

10

skally.exe

windows7-x64

1

skally.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    skally.exe

  • Size

    9.3MB

  • Sample

    240624-wjcyesveqb

  • MD5

    8af289e1ab18170e6c225166e49a46ac

  • SHA1

    ae539acaa1e5510da757f39bdbf4d973c4822085

  • SHA256

    9046b67922c2d220a330ed32e544375989d92a210eefc3d041c9e009166f2812

  • SHA512

    91c84d21bc06f3b492eeea19aa1bccc1c12d2dc1f0374fe04daf9b8693ccd7290cb6a7ebc7d11298324635d9ecc1dc0552440e1cee88473527fbc6324a5a0a26

  • SSDEEP

    98304:jCoYgLk4deNsZ0l+gGC785Auo0KEfyMfIiiBBXe:pRLk4cv785AR0XKhX

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1254857671807471716/cEupoRg9KEqByGVO7tpmeGJqZhggD1vla4F956MZEta-VyqjF4xye3seB-81DpcL8QCg

Targets

    • Target

      skally.exe

    • Size

      9.3MB

    • MD5

      8af289e1ab18170e6c225166e49a46ac

    • SHA1

      ae539acaa1e5510da757f39bdbf4d973c4822085

    • SHA256

      9046b67922c2d220a330ed32e544375989d92a210eefc3d041c9e009166f2812

    • SHA512

      91c84d21bc06f3b492eeea19aa1bccc1c12d2dc1f0374fe04daf9b8693ccd7290cb6a7ebc7d11298324635d9ecc1dc0552440e1cee88473527fbc6324a5a0a26

    • SSDEEP

      98304:jCoYgLk4deNsZ0l+gGC785Auo0KEfyMfIiiBBXe:pRLk4cv785AR0XKhX

    Score
    10/10
    skuldpersistencestealer

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks