General
-
Target
https://cdn.discordapp.com/attachments/1282846872087695425/1295100231108661271/test.exe?ex=670d6b94&is=670c1a14&hm=02aa678492353360a3ceb52dffbe89677a0177f274c3f479252e8146e2102094&
-
Sample
241013-xsap4axepk
Malware Config
Extracted
skuld
https://discord.com/api/webhooks/1284545435142459497/sZJdu71WF2vnQDFx5DbTlbAwGrlYn3vAhSJnEzrtKI0BnkbaxRVHjY9XeJFuMGr-racb
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1282846872087695425/1295100231108661271/test.exe?ex=670d6b94&is=670c1a14&hm=02aa678492353360a3ceb52dffbe89677a0177f274c3f479252e8146e2102094&
Score10/10-
Skuld stealer
An info stealer written in Go lang.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1