skuld | d41456ccdf1d2b4687316b09c7b76d7eb7448474d7110ac966445b1f0ce398f8

General

Target

entropy.rar
Size

23.2MB
Sample

240725-pqleta1hpe
MD5

453d1702527f25a018fceb8ce12b4d6b
SHA1

6e3bc3d0b97f39cca39393dd0aae91da9011cf53
SHA256

d41456ccdf1d2b4687316b09c7b76d7eb7448474d7110ac966445b1f0ce398f8
SHA512

4292c3d5cf6a2d15f53e91acb1884f351c6146d11ad7ab076d24b86f1e76cc39205591811537a5d31bf16fca30ea2871e4d652e2b40dbb67198876a00cf79cf8
SSDEEP

393216:PDNoRDRH81+Fv8CxAz3B7pP+gzX3/1jmVkgAs57fCMcaqWhyGSQFuq5uMK1K:PDNKDSYvKLzfRm1aSpn55b

Score

10^/10

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1262305239344611329/Gs3-RPCoo7aA6sV-nvtQQS-vmsy5ze8GqQnSaLH_NWVI19XokPqMYr-i_Q3OnogsvMFc

Targets

- Target
  
  entropy/entropy.dll
- Size
  
  177KB
- MD5
  
  d3375b53754f3c8deaaf436737e25007
- SHA1
  
  2cf3278e9179effc39826141fd5add61fd4e93d9
- SHA256
  
  f4865f3256200d374367ef844a1f10d83748d2be2f0fbc50052020960977fd2d
- SHA512
  
  3a25e45613d710de33a8d80a8b04e6a8c35b3ba6e26ac8c6b0f5a48cde025b51e71269d7e2a2cf1b9d8adeecf1b500e51e7f0877ad8a6cbf66f54db36aa5c7cb
- SSDEEP
  
  3072:B8X8PLYlycIHp6pgoUUctnRKNJsPLPRdVb3pr9o/oIGQHMdVA0Ya:B+8ztupyU6PBbNC/zGQHMdGa
Score

1^/10
behavioral1 behavioral2
- Target
  
  entropy/entropy.exe
- Size
  
  14.2MB
- MD5
  
  f9058c8aba41cdd21c26854ad4fbd494
- SHA1
  
  35309b9d6f2cacf3eb07824e502e031f3e1f8ddc
- SHA256
  
  02f6c35cbf1f3600ac7619f10e3d458c097a765114e87742ccb7fb8907dc797b
- SHA512
  
  d2ed560d5702039efa3148137e4702cefb48b4e9da75d1272f80cbcff751a25eaaa3bbfd1935d7d3740df837344d32011fd81ec279c4a11c59f75deb6b6fca43
- SSDEEP
  
  196608:PWJafoL/tUoTX4Zcbh1Yf0k7Ma/rkFlgdTaUrPPbdfw:PWsfm/Fbh1lkSFCdTauZo
Score

10^/10

skuld credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
  defense_evasion
behavioral3 behavioral4
- Target
  
  entropy/entropyloader.dll
- Size
  
  8.8MB
- MD5
  
  9f7288c05669282f9f5f650446283325
- SHA1
  
  a9cb48f24fb89c01b69feedaa2d5807331715eb0
- SHA256
  
  037e1ef19688f46bf91cc040e2e5127fcb10a14afad7accd7d987d1de4f0c59a
- SHA512
  
  60114acba85bca451c826cd545c5e28f06dbe1a6f059fa573a2eed821873c5089983a1d20826b9e5533004fc850e87cffe421b0b115f3e604d5792ca6084c15e
- SSDEEP
  
  196608:UmmmmmmmRG6SQEAKW3P1IFsrTYfSXqRqr9PxaZcIBWiopQgWddgKmH0:UmmmmmmmRG6oAPdIF08fSXqkRm4MLddJ
Score

1^/10
behavioral5 behavioral6