skuld | 7cb04b7c094f2f1beb40a7b27136a9ff9c954b3edda52f5de99b31635e50b6db | Triage

Sharing

General

Target

main.exe
Size

9.5MB
Sample

240706-zw13kavekb
MD5

15767d56c12becc21502a59355a9c163
SHA1

360524f903a06307f32a9fd8ca839da949c75916
SHA256

7cb04b7c094f2f1beb40a7b27136a9ff9c954b3edda52f5de99b31635e50b6db
SHA512

e7faa7034920ed376869548fe2107035d7c24c578961fa2a1317f5f2231b2333668fd475a3b2deaf99fc4e87894f59837d40950f67cdadb4b1b016d0761dc13a
SSDEEP

98304:NzZIWZX0gybHFmOKMW2S6by4ELW/6FQKVVSf:n3501sMW2SiyxqEVVSf

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1258496423444615342/CgJY-4xdm5Ye24oauoByyHTOC86vzjGJvv8cMxKQz03UpkK8RVz4-rL3_dhMIWWysqJ_

Targets

- Target
  
  main.exe
- Size
  
  9.5MB
- MD5
  
  15767d56c12becc21502a59355a9c163
- SHA1
  
  360524f903a06307f32a9fd8ca839da949c75916
- SHA256
  
  7cb04b7c094f2f1beb40a7b27136a9ff9c954b3edda52f5de99b31635e50b6db
- SHA512
  
  e7faa7034920ed376869548fe2107035d7c24c578961fa2a1317f5f2231b2333668fd475a3b2deaf99fc4e87894f59837d40950f67cdadb4b1b016d0761dc13a
- SSDEEP
  
  98304:NzZIWZX0gybHFmOKMW2S6by4ELW/6FQKVVSf:n3501sMW2SiyxqEVVSf
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

skuldpersistencestealer

behavioral2

skuldpersistencestealer