skuld | 96f8c4d428daa5a50489c73f48a563d98a9fc17dead3a9e50fe19842fab0a795 | Triage

Sharing

General

Target

skuld.exe
Size

3.6MB
Sample

240630-w67rbascpf
MD5

4cc05288a42115b5e73bbd793a3d9abd
SHA1

839161afaf58f73af7c2be1493b134aa28035ef1
SHA256

96f8c4d428daa5a50489c73f48a563d98a9fc17dead3a9e50fe19842fab0a795
SHA512

f121866af5a3d9b080e07d30aab988fd7399b2eaa256efc76d69bab1156347558a4d389ee3c3b766c664bdc2d13ea1d877c778cd2397d250b47f16c6d85de848
SSDEEP

98304:ide/ZwLJb2arvBP37ntULaBt9JSgneQqvUK8Y:idkZ2JSuB/btU49SgHqvv

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1257036488672153761/NvDp_1b2nXLy-u8-yrTiFucpasoL2g34R7fCAV1w_Hji_Wd5urWsmS5DdJXMZb_5lbXp

Targets

- Target
  
  skuld.exe
- Size
  
  3.6MB
- MD5
  
  4cc05288a42115b5e73bbd793a3d9abd
- SHA1
  
  839161afaf58f73af7c2be1493b134aa28035ef1
- SHA256
  
  96f8c4d428daa5a50489c73f48a563d98a9fc17dead3a9e50fe19842fab0a795
- SHA512
  
  f121866af5a3d9b080e07d30aab988fd7399b2eaa256efc76d69bab1156347558a4d389ee3c3b766c664bdc2d13ea1d877c778cd2397d250b47f16c6d85de848
- SSDEEP
  
  98304:ide/ZwLJb2arvBP37ntULaBt9JSgneQqvUK8Y:idkZ2JSuB/btU49SgHqvv
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

skuldpersistencestealer