skuld | 463369ef73bf575c2031e4735f3575e59ff696d3d3c7fd32f2bea3d2902a850b | Triage

Sharing

General

Target

WindowsAudioServicel.exe
Size

9.5MB
Sample

240719-n78e8szeqn
MD5

dc7b1ae6d4a8c83767e4f22bc6c05ebd
SHA1

b38b93dd7a8dbaef0e9aebcf71926fe6105f2ed8
SHA256

463369ef73bf575c2031e4735f3575e59ff696d3d3c7fd32f2bea3d2902a850b
SHA512

c137b55487a3797c3548b5112c1751337dc2ea049e9fd8f1c9bbaba76377be615182d540c74b8bbbb00fbab052a13c35dd722757f318568da05df514ba7c7752
SSDEEP

98304:OwkcpPjff2wzicqFkoJwcnXPzqEzo7F/3z26IZ:korffWkoJwMXPz3zq1IZ

Score

10^/10

skuld persistence stealer

Malware Config

Targets

- Target
  
  WindowsAudioServicel.exe
- Size
  
  9.5MB
- MD5
  
  dc7b1ae6d4a8c83767e4f22bc6c05ebd
- SHA1
  
  b38b93dd7a8dbaef0e9aebcf71926fe6105f2ed8
- SHA256
  
  463369ef73bf575c2031e4735f3575e59ff696d3d3c7fd32f2bea3d2902a850b
- SHA512
  
  c137b55487a3797c3548b5112c1751337dc2ea049e9fd8f1c9bbaba76377be615182d540c74b8bbbb00fbab052a13c35dd722757f318568da05df514ba7c7752
- SSDEEP
  
  98304:OwkcpPjff2wzicqFkoJwcnXPzqEzo7F/3z26IZ:korffWkoJwMXPz3zq1IZ
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

skuldpersistencestealer