General

  • Target

    2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch

  • Size

    9.9MB

  • Sample

    241029-ar928symhp

  • MD5

    37834eca6c068c551b49202739e6882e

  • SHA1

    83dc6b9e26f773758d042f1cc92bfd17f396edc3

  • SHA256

    9d60a15cf6779912cc49ce36597b2264f97071c4afc61c370454931083df2e3f

  • SHA512

    b880d2ec14ad71d9e2449422758b6ba36c9d726a3281cc9867bfdee9e46c3e523d8f7cacecef61d07399e9057f4062aa5ad954c58e1b5278879229890ba0f3da

  • SSDEEP

    98304:PzU4brhxBASgf/gEpiji6Ig8TWAREIICafZm/mbnXg:PxrhxBAGZji6IdThyRTXg

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1298438839865577564/LcdRm0rKPE01ApFPl9RQHGqhcuExeiqKGpghrB8Lv3iKniiyEa0mVBhFySte_oBx7wyQ

Targets

    • Target

      2024-10-29_37834eca6c068c551b49202739e6882e_ngrbot_poet-rat_snatch

    • Size

      9.9MB

    • MD5

      37834eca6c068c551b49202739e6882e

    • SHA1

      83dc6b9e26f773758d042f1cc92bfd17f396edc3

    • SHA256

      9d60a15cf6779912cc49ce36597b2264f97071c4afc61c370454931083df2e3f

    • SHA512

      b880d2ec14ad71d9e2449422758b6ba36c9d726a3281cc9867bfdee9e46c3e523d8f7cacecef61d07399e9057f4062aa5ad954c58e1b5278879229890ba0f3da

    • SSDEEP

      98304:PzU4brhxBASgf/gEpiji6Ig8TWAREIICafZm/mbnXg:PxrhxBAGZji6IdThyRTXg

    • Skuld family

    • Skuld stealer

      An info stealer written in Go lang.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks