skuld | b571568f26f4b1eb13265c1699d3aa9cc63448b1e4979ebfc7c5ec5617685528 | Triage

Sharing

General

Target

2024-06-25_b828a4d1a49574647d1bd6a6990334d7_ngrbot_poet-rat_snatch
Size

9.5MB
Sample

240625-y2n5hstbjj
MD5

b828a4d1a49574647d1bd6a6990334d7
SHA1

e35c99ecbefb1d7ce83f519d48098d1a3c005886
SHA256

b571568f26f4b1eb13265c1699d3aa9cc63448b1e4979ebfc7c5ec5617685528
SHA512

d2618681fb9dbf62276991bc89f05d02fb6ace08b0b51eb721d10d2dc1b222955b6cfc90eec3fbc3f7f38d7e6b6ffb720995f5dbf22eb18a39bd34badf8baff0
SSDEEP

98304:hKTBQiVfr1oo2uvxXKWOwCu5eEgG8zSF8h2nR3:UjVfr1NKWOwj5bv8juR3

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1253312688864497665/375hzY1fiOjkE25L3-nbomdQUITdEzw5TbF9fCfxMycDpfz09qByG-R9KOpVUwhbMOaj

Targets

- Target
  
  2024-06-25_b828a4d1a49574647d1bd6a6990334d7_ngrbot_poet-rat_snatch
- Size
  
  9.5MB
- MD5
  
  b828a4d1a49574647d1bd6a6990334d7
- SHA1
  
  e35c99ecbefb1d7ce83f519d48098d1a3c005886
- SHA256
  
  b571568f26f4b1eb13265c1699d3aa9cc63448b1e4979ebfc7c5ec5617685528
- SHA512
  
  d2618681fb9dbf62276991bc89f05d02fb6ace08b0b51eb721d10d2dc1b222955b6cfc90eec3fbc3f7f38d7e6b6ffb720995f5dbf22eb18a39bd34badf8baff0
- SSDEEP
  
  98304:hKTBQiVfr1oo2uvxXKWOwCu5eEgG8zSF8h2nR3:UjVfr1NKWOwj5bv8juR3
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skuldpersistencestealer