General
-
Target
https://cdn.discordapp.com/attachments/1282846872087695425/1297330692757258250/RENAMEME.exe?ex=671588dc&is=6714375c&hm=2662ab40830d84d3a1db48db166ed741fcc403cc74e7c70dc7eb36f2d334591e&
-
Sample
241019-2rsazatepa
Malware Config
Extracted
skuld
https://discord.com/api/webhooks/1284545435142459497/sZJdu71WF2vnQDFx5DbTlbAwGrlYn3vAhSJnEzrtKI0BnkbaxRVHjY9XeJFuMGr-racb
Targets
-
-
Target
https://cdn.discordapp.com/attachments/1282846872087695425/1297330692757258250/RENAMEME.exe?ex=671588dc&is=6714375c&hm=2662ab40830d84d3a1db48db166ed741fcc403cc74e7c70dc7eb36f2d334591e&
Score10/10-
Skuld stealer
An info stealer written in Go lang.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
1