skuld | 2b5bce8623468a2e58c6cc817c1556dd1ef69cb184083a2d8d68a1bb78cbc2d2 | Triage

Sharing

General

Target

2024-07-10_31fcfe752d30c3f9cfb212a5f58568a7_poet-rat_snatch
Size

15.0MB
Sample

240710-t41h4s1bjg
MD5

31fcfe752d30c3f9cfb212a5f58568a7
SHA1

e1c2fd2db1294153fe1ffcf7fa5d40f96767bad2
SHA256

2b5bce8623468a2e58c6cc817c1556dd1ef69cb184083a2d8d68a1bb78cbc2d2
SHA512

4341b3474fdec168565f45008495c194f310995452c71d7c92aec8427031b3c0e4b9b6d1217be5386d8ce9bc9eccfd862dada7fbb0e625b946a25997e4f355d6
SSDEEP

196608:zvTCF+0B6s7Vq1QpUPZ7ubMgFKcnSJiZKi9m2gB6bIK6w3:3w+M6GVYQpUP0xnS0m2gB6bII

Score

10^/10

skuld spyware stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/963128514779959316/ruqcIVO-IzGEWVxFyDIITM7YCzbyrnmAu55FnFdc4inoDqbx2o3dSOjAkc1lGOf9ytAfS

Targets

- Target
  
  2024-07-10_31fcfe752d30c3f9cfb212a5f58568a7_poet-rat_snatch
- Size
  
  15.0MB
- MD5
  
  31fcfe752d30c3f9cfb212a5f58568a7
- SHA1
  
  e1c2fd2db1294153fe1ffcf7fa5d40f96767bad2
- SHA256
  
  2b5bce8623468a2e58c6cc817c1556dd1ef69cb184083a2d8d68a1bb78cbc2d2
- SHA512
  
  4341b3474fdec168565f45008495c194f310995452c71d7c92aec8427031b3c0e4b9b6d1217be5386d8ce9bc9eccfd862dada7fbb0e625b946a25997e4f355d6
- SSDEEP
  
  196608:zvTCF+0B6s7Vq1QpUPZ7ubMgFKcnSJiZKi9m2gB6bIK6w3:3w+M6GVYQpUP0xnS0m2gB6bII
Score

7^/10

spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2