Overview

overview

10

Static

static

10

skuld.exe

windows7-x64

1

skuld.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    61s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-06-2024 09:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    skuld.exe

  • Size

    9.5MB

  • MD5

    79ff221ab5f4ec73e3cf2603de02dd3c

  • SHA1

    d03cd4bd46d07692b2cb2aa70032b2f7cf8f6614

  • SHA256

    b2389efe45f191978aeea0b38f35e967e812583644512e1d721b7adb88719008

  • SHA512

    04bdae4d323d1bc9446778e1ee66aaf1e3249e40de6dc8406eac9138e1b1b87ee00faf5a6cc41aeeb8b816c7b96a3d6bec442470f7c884318b91f2baa36f64a9

  • SSDEEP

    98304:e03AgTj/aqro8jCvVwPIieO7XFEDT7kF8+l19Qfz:vlj/apjwPIiemX2DTW1if

Score
10/10
skuldpersistencestealer

Malware Config

Signatures

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\skuld.exe
    "C:\Users\Admin\AppData\Local\Temp\skuld.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\system32\attrib.exe
      attrib +h +s C:\Users\Admin\AppData\Local\Temp\skuld.exe
      2⤵
      • Views/modifies file attributes
      PID:1996
    • C:\Windows\system32\attrib.exe
      attrib +h +s C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe
      2⤵
      • Views/modifies file attributes
      PID:1124
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4184,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:8
    1⤵
      PID:4076

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Protect\SecurityHealthSystray.exe
      Filesize

      9.5MB

      MD5

      79ff221ab5f4ec73e3cf2603de02dd3c

      SHA1

      d03cd4bd46d07692b2cb2aa70032b2f7cf8f6614

      SHA256

      b2389efe45f191978aeea0b38f35e967e812583644512e1d721b7adb88719008

      SHA512

      04bdae4d323d1bc9446778e1ee66aaf1e3249e40de6dc8406eac9138e1b1b87ee00faf5a6cc41aeeb8b816c7b96a3d6bec442470f7c884318b91f2baa36f64a9

      Download Submit