General
-
Target
skuld.bat
-
Size
13.0MB
-
Sample
240629-2qxt3asanp
-
MD5
441100cf63c807c0d4f359c64499ffa6
-
SHA1
f65d189e9d35cef146f7e04b603032123f931691
-
SHA256
70fdc6e91d6f0b7a3e72638bda9333eabb83a949e38216d52952629f98b1317c
-
SHA512
de0352fad3f2df48638036052a29173328ca1a3ab119b2707ae982833914685f7088b9d4cbcbe2eb7f2a8270c76e3731c1d854568112c0c8d41b89b54c7b2d43
-
SSDEEP
49152:KSOtTyTd7XtPt/Ws8crF3fLk3ReLdn5vq/5cQSo33D0gaHmCFMaXmwKbiifdT+td:Kw
Static task
static1
Behavioral task
behavioral1
Sample
skuld.bat
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
skuld.bat
Resource
win10v2004-20240611-en
Malware Config
Targets
-
-
Target
skuld.bat
-
Blocklisted process makes network request
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1