Overview

overview

10

Static

static

10

2024-09-25...ch.exe

windows7-x64

1

2024-09-25...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-09-25_10d14b6197eeedf0f166d0a4fa2659a9_ngrbot_poet-rat_snatch

  • Size

    9.9MB

  • Sample

    240925-nws66swhpe

  • MD5

    10d14b6197eeedf0f166d0a4fa2659a9

  • SHA1

    25bd554729a5719957e91b251a1eaee3e2221d79

  • SHA256

    575eb29192f0a9c804615c06ead3536f4918f47e7c0f37e26f803764c1e88280

  • SHA512

    f4ae7be5906019f1ceadf80d57c5784b595d3f52f36c763e7866e996c741cbfb963933840b44b1d51f1e1ee621419ac5473d85dd0999a6f1125136315da7ed9d

  • SSDEEP

    98304:LsvhF/1BWaUgkNP9OT3bbIU+mXIhExICafZmyjsEtjG:LU/1BWama3bbILmYiQdjG

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1275560943589523539/BJK9iC8Svr2Fre-qgTymdqr9WpjvwwbYpYjpS2i15nqdELMnGFAQH7BhyHNCVncljHvH

Targets

    • Target

      2024-09-25_10d14b6197eeedf0f166d0a4fa2659a9_ngrbot_poet-rat_snatch

    • Size

      9.9MB

    • MD5

      10d14b6197eeedf0f166d0a4fa2659a9

    • SHA1

      25bd554729a5719957e91b251a1eaee3e2221d79

    • SHA256

      575eb29192f0a9c804615c06ead3536f4918f47e7c0f37e26f803764c1e88280

    • SHA512

      f4ae7be5906019f1ceadf80d57c5784b595d3f52f36c763e7866e996c741cbfb963933840b44b1d51f1e1ee621419ac5473d85dd0999a6f1125136315da7ed9d

    • SSDEEP

      98304:LsvhF/1BWaUgkNP9OT3bbIU+mXIhExICafZmyjsEtjG:LU/1BWama3bbILmYiQdjG

    Score
    10/10
    skuldpersistencestealer

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks