Overview

overview

10

Static

static

10

2024-10-13...ch.exe

windows7-x64

1

2024-10-13...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-10-13_7e26817146b9ca70f5a1f271b381fdc8_ngrbot_poet-rat_snatch

  • Size

    14.2MB

  • Sample

    241013-svnmhsxhnk

  • MD5

    7e26817146b9ca70f5a1f271b381fdc8

  • SHA1

    a87a69fa8c6833f818f878f6c5a5ec010b99dae4

  • SHA256

    ceeaced15d7a6d72bea0aa59bb3caccc5d5e0089b4b980658c5709d3f96b31fb

  • SHA512

    fa625fc2b8a68494fdf5b46a7a1b1d2a2188970825ca85deab268a66db920e3677c2dad09e87c73976ad7ee04d3645db1ab06f1048a9260695be47c3b2a361d8

  • SSDEEP

    196608:iWJafoL/tUoTX4Zdbh1Yf0k7Ma/rkFlgdTaUrPPbdfw:iWsfm/Qbh1lkSFCdTauZo

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1291675112323416086/ekKHKYdeTlB5ft63sBznu78rlTl4WJVeYMB2w6UXjxlTDqVo5r3nhS1SDDIxbzvUjs9p

Targets

    • Target

      2024-10-13_7e26817146b9ca70f5a1f271b381fdc8_ngrbot_poet-rat_snatch

    • Size

      14.2MB

    • MD5

      7e26817146b9ca70f5a1f271b381fdc8

    • SHA1

      a87a69fa8c6833f818f878f6c5a5ec010b99dae4

    • SHA256

      ceeaced15d7a6d72bea0aa59bb3caccc5d5e0089b4b980658c5709d3f96b31fb

    • SHA512

      fa625fc2b8a68494fdf5b46a7a1b1d2a2188970825ca85deab268a66db920e3677c2dad09e87c73976ad7ee04d3645db1ab06f1048a9260695be47c3b2a361d8

    • SSDEEP

      196608:iWJafoL/tUoTX4Zdbh1Yf0k7Ma/rkFlgdTaUrPPbdfw:iWsfm/Qbh1lkSFCdTauZo

    Score
    10/10
    skuldpersistencestealer

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks