skuld | 774c71f4e65a17cc744e906660435598f9b62dfdd599e9babbed3dd9dea32e53 | Triage

Sharing

General

Target

skuld.exe
Size

14.2MB
Sample

241012-pcbnfstgnp
MD5

3eb420ceca33cebdf59e96abd6ba75a3
SHA1

fbd442d69323445e9ecedbe820c61fbac7fdb287
SHA256

774c71f4e65a17cc744e906660435598f9b62dfdd599e9babbed3dd9dea32e53
SHA512

06047f5492f785bb672c6059ef2b0f31855a63d4e91a41c9e8178d4958c5e50825433a4f8cd87e1aaf4be56492d9f86eccdbe9cf9ed3929621005636f591ee69
SSDEEP

196608:5ADrfDmwoUoG3n5OJG1Nf0k7Ma/rkFlgdTaUrPPbdf5:5A3faw+JG1KkSFCdTauZR

Score

10^/10

skuld persistence stealer

Malware Config

Targets

- Target
  
  skuld.exe
- Size
  
  14.2MB
- MD5
  
  3eb420ceca33cebdf59e96abd6ba75a3
- SHA1
  
  fbd442d69323445e9ecedbe820c61fbac7fdb287
- SHA256
  
  774c71f4e65a17cc744e906660435598f9b62dfdd599e9babbed3dd9dea32e53
- SHA512
  
  06047f5492f785bb672c6059ef2b0f31855a63d4e91a41c9e8178d4958c5e50825433a4f8cd87e1aaf4be56492d9f86eccdbe9cf9ed3929621005636f591ee69
- SSDEEP
  
  196608:5ADrfDmwoUoG3n5OJG1Nf0k7Ma/rkFlgdTaUrPPbdf5:5A3faw+JG1KkSFCdTauZR
Score

10^/10

skuld persistence stealer
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skuldpersistencestealer