Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
11-10-2024 09:04
General
-
Target
skuld.exe
-
Size
7.5MB
-
MD5
86cfaeefec2c4ce9bba60640d2d4dee7
-
SHA1
426c0ee6bc8ab22041afc53b25b7ef312a185a66
-
SHA256
5195c14f3b204c7fb8d9c3ec7df175fac89f3ff83485de64106e55d9b93f7989
-
SHA512
12b36bbbe28cbb2664d6bbea9a7569960a1b480af38867dfc099d7c823bf84cbca4443260acdaef4ac45f8a9d35b4b9bf3348a600138029a8b0165d324348f5a
-
SSDEEP
196608:1lNk+HyZDcdb7MSv5of5VWu0+yE8ToCFD:jNk+SBw7MSM5lMVF
Score
10/10
Malware Config
Extracted
Family
skuld
C2
https://discord.com/api/webhooks/1294219914600513648/1hMj8NibsG6kkmCebWQXD2dsOS3COgpf78DC2CqwIi8Ve2EgBTg8fRzgTY1uxq8ArsSQ
Signatures
-
Skuld stealer
An info stealer written in Go lang.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\skuld.exe"C:\Users\Admin\AppData\Local\Temp\skuld.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib +h +s C:\Users\Admin\AppData\Local\Temp\skuld.exe2⤵
- Views/modifies file attributes
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
15.2MB
-
Filesize
15.2MB