skuld | d0d3f6fd6e0e0b6c4bfbd4aa55d8a3151823d59005e0fb6428d6cd309460142a | Triage

Sharing

General

Target

main.exe
Size

9.5MB
Sample

240701-wv22pasbma
MD5

69a284930fc8843088f37d2eb2173bfb
SHA1

97a032288ef740de5688e81f5fbafd319f45e4e8
SHA256

d0d3f6fd6e0e0b6c4bfbd4aa55d8a3151823d59005e0fb6428d6cd309460142a
SHA512

7445d360851df542710826185c37c4f7d6164c2ec853c667ce19d5fb4dfca1e981d96e3a2d48ba4f78580ce5e3ee2e7ff8b97f6b3a471d074c2dabd43e00f87e
SSDEEP

98304:kzZIWZX0gybHFmOKMW2S6bybELW/6FQKVVSf:g3501sMW2SiyIqEVVSf

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1257326008978247782/OPGroUs8KObiwYFAx-sn3YMX8edjwDL8Y64jbGKljvVRofhnkdb6B1Ov4DEY3TP5wW4W

Targets

- Target
  
  main.exe
- Size
  
  9.5MB
- MD5
  
  69a284930fc8843088f37d2eb2173bfb
- SHA1
  
  97a032288ef740de5688e81f5fbafd319f45e4e8
- SHA256
  
  d0d3f6fd6e0e0b6c4bfbd4aa55d8a3151823d59005e0fb6428d6cd309460142a
- SHA512
  
  7445d360851df542710826185c37c4f7d6164c2ec853c667ce19d5fb4dfca1e981d96e3a2d48ba4f78580ce5e3ee2e7ff8b97f6b3a471d074c2dabd43e00f87e
- SSDEEP
  
  98304:kzZIWZX0gybHFmOKMW2S6bybELW/6FQKVVSf:g3501sMW2SiyIqEVVSf
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skuldpersistencestealer