Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
30-06-2024 06:04
General
-
Target
skuld.exe
-
Size
9.5MB
-
MD5
da4bf124529b32d5daff341cba7b746c
-
SHA1
7297b55ceff76cdec32e722902ae61524d4b7442
-
SHA256
c58b34b4af808fefeaf1545f4f3c0375a32cdb9a6e6c95c4d0cf50ea601aad3e
-
SHA512
7a04a1f68045c7b91f5df3e12c155543f4934678d764bbd5c8db78e33dc13ae4885bcdcc7f2af4ab8f2417633090286a0263143f5992470e4416eaee3a2d194a
-
SSDEEP
98304:0l+jC6y/CQ8VtNqvV0FIS3fT4mEJJkF88l19bf3:ZDy/ChS0FIS3r4DJC19f
Malware Config
Signatures
-
Skuld stealer
An info stealer written in Go lang.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Looks up external IP address via web service 13 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\skuld.exe"C:\Users\Admin\AppData\Local\Temp\skuld.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib +h +s C:\Users\Admin\AppData\Local\Temp\skuld.exe2⤵
- Views/modifies file attributes
-
-
C:\Windows\system32\attrib.exeattrib +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe2⤵
- Views/modifies file attributes
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
9.5MB
MD5da4bf124529b32d5daff341cba7b746c
SHA17297b55ceff76cdec32e722902ae61524d4b7442
SHA256c58b34b4af808fefeaf1545f4f3c0375a32cdb9a6e6c95c4d0cf50ea601aad3e
SHA5127a04a1f68045c7b91f5df3e12c155543f4934678d764bbd5c8db78e33dc13ae4885bcdcc7f2af4ab8f2417633090286a0263143f5992470e4416eaee3a2d194a