skuld | 4bf1ea8ace7f1c427b54adc6c8d9da2f79f5be1475e3ca4609e997e2b93f5e87

Sharing

Copy URL

Twitter E-mail

General

Target

slinky.rar
Size

26.1MB
Sample

240930-vz855axbkq
MD5

710f5f275317d3936d9dcbcb53a579ee
SHA1

b96c3a924aa3642f3b87b7063f7fa2060a9a10d0
SHA256

4bf1ea8ace7f1c427b54adc6c8d9da2f79f5be1475e3ca4609e997e2b93f5e87
SHA512

5775062891166e163b98de8130665bc9d5d400249ba1142e4cd7e901a3c62097347151e8eb58e297ca7b2fc7a36d680b92d3b6d0399a9b009fd0093380da80c3
SSDEEP

393216:T9cWRf8yrPoqsN8KhgKldFVtHyEPXBSeqQTr9BmcfCDLMnyXmJOU7f1cIDuz7Qq4:TSWmcoqstVIcxwMmtnqROecIQ3s

Score

10^/10

Malware Config

Extracted

Family

skuld

https://ptb.discord.com/api/webhooks/1288586956971835474/KOwZpzzvHgBFnLYWk6PiicTPjzY_P0vpTibLIhpjtTMHi8CPkv2cwuhQTfaTc_MnkUX6

Targets

- Target
  
  slinky.rar
- Size
  
  26.1MB
- MD5
  
  710f5f275317d3936d9dcbcb53a579ee
- SHA1
  
  b96c3a924aa3642f3b87b7063f7fa2060a9a10d0
- SHA256
  
  4bf1ea8ace7f1c427b54adc6c8d9da2f79f5be1475e3ca4609e997e2b93f5e87
- SHA512
  
  5775062891166e163b98de8130665bc9d5d400249ba1142e4cd7e901a3c62097347151e8eb58e297ca7b2fc7a36d680b92d3b6d0399a9b009fd0093380da80c3
- SSDEEP
  
  393216:T9cWRf8yrPoqsN8KhgKldFVtHyEPXBSeqQTr9BmcfCDLMnyXmJOU7f1cIDuz7Qq4:TSWmcoqstVIcxwMmtnqROecIQ3s
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  slinky/slinky.exe
- Size
  
  14.2MB
- MD5
  
  5ef2d4590801769c57ea9b4690dc4a7d
- SHA1
  
  21a12ed600a2a69cb38091eb75b52c5bfee10c1d
- SHA256
  
  48e5cc1db19aacc0b68e6f4d8378fcd833f98cc7606e25a0fc185257332cf532
- SHA512
  
  358d4b1d78a7e6f8eabeb622ae6d8fe9d8dd6d2a0e839600ea637c2df42103639e34ac50bc8a7859f621ce858023f7fa527d2081f9c1dd24d200127a0977b99a
- SSDEEP
  
  196608:tWJafoL/tUoTX4ZZbh1Yf0k7Ma/rkFlgdTaUrPPbdfw:tWsfm/Mbh1lkSFCdTauZo
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  slinky/slinky_library.dll
- Size
  
  11.7MB
- MD5
  
  f4f7eacab208d7b50d50f196bd3facd2
- SHA1
  
  82ca056ecb89d1612df069a42952e077f7e079e1
- SHA256
  
  4f35cfe4d051d56cc22dc2743024ffa0f3b4ee906b34c4336c72d71bc55de708
- SHA512
  
  9b61bd125e066df121186057bcb163bfb3d8fb9ff3447963df0e9b14ab57fdf6a8d1faf61a5e75dc3e53425f541bb624b9d8b787e322ea6b675489d532b8f001
- SSDEEP
  
  3:WAYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYw:z
Score

1^/10
behavioral5 behavioral6
- Target
  
  slinky/slinkyhook.dll
- Size
  
  228KB
- MD5
  
  6d8c17c67970cb5841811eed8adffffc
- SHA1
  
  c869ab32318a035e51aff8e5e11b4cd25fb52a4f
- SHA256
  
  7c4234fac3b6b3e96dace1e71c7a952ec67e3839f90f7a88a9ea283bf88d25b8
- SHA512
  
  7d2a0ffcd72c8bf4a96b2ed722d7119749ec14f5d7e6a601cb6ae4a5b1c4a652b694158f01da340e3ca4751cabd0a56c42bf739d8b421e36937f3691b3b80c72
- SSDEEP
  
  3072:hXxN1I6PgabbAzVxPLI5oIa5amK/1o4ptgELHY1lNyc+m+e7P26g66OVuknsDe0u:hhN1GFZq/15tFc+m97ieuknsDu
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Skuld stealer

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

Skuld stealer

Adds Run key to start application

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8