Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1279538248812728444/1279554286606356606/protected.exe?ex=66d5860a&is=66d4348a&hm=fd051a431948718b24b16f2b533f749a89aa39e46dfbf8ef7b5f09dce7592944&

  • Sample

    240901-zdxx7a1gpb

Score
10/10
skulddiscoveryevasionstealertrojan

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1279552508578238534/-lGdkw-tDuy6Wd-I7APMhPnY3Tp2Oh3ZxzkvZFiG36eu6-pHpBKf4a2y4W0ZpaNYzcmk

Targets

    • Target

      https://cdn.discordapp.com/attachments/1279538248812728444/1279554286606356606/protected.exe?ex=66d5860a&is=66d4348a&hm=fd051a431948718b24b16f2b533f749a89aa39e46dfbf8ef7b5f09dce7592944&

    Score
    10/10
    skulddiscoveryevasionstealertrojan

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks