Overview

overview

10

Static

static

10

2024-11-06...ch.exe

windows7-x64

1

2024-11-06...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2024-11-06_d02a74cc7cb238ae3ef85ea82fade1ed_ngrbot_poet-rat_snatch

  • Size

    14.2MB

  • Sample

    241106-cpc1tsshma

  • MD5

    d02a74cc7cb238ae3ef85ea82fade1ed

  • SHA1

    af4b5c5c803f76faace1695b4a7018f1b87c3a51

  • SHA256

    64fd7264b8e2bc82b4012b191049a923f8bb3dc6d99c261a2ad07871f1d8b91c

  • SHA512

    77696145cab73ce201e5231feb020f645fa0cd23fcd4b1eef0cd695e5544410a3f127dd0c6f3723a17836e59f90e96e50770591650f3ce36fe22f1ce2168f04b

  • SSDEEP

    196608:ZWJafoL/tUoTX4Z2bh1Yf0k7Ma/rkFlgdTaUrPPbdfw:ZWsfm/vbh1lkSFCdTauZo

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1296774769303359571/SuAqJEaZ8HyMJeY4XNdTzjqboa7EQQC9NlFu7Nm8gWVWabNPEFyEqvUIK1mdFAcYMMWN

Targets

    • Target

      2024-11-06_d02a74cc7cb238ae3ef85ea82fade1ed_ngrbot_poet-rat_snatch

    • Size

      14.2MB

    • MD5

      d02a74cc7cb238ae3ef85ea82fade1ed

    • SHA1

      af4b5c5c803f76faace1695b4a7018f1b87c3a51

    • SHA256

      64fd7264b8e2bc82b4012b191049a923f8bb3dc6d99c261a2ad07871f1d8b91c

    • SHA512

      77696145cab73ce201e5231feb020f645fa0cd23fcd4b1eef0cd695e5544410a3f127dd0c6f3723a17836e59f90e96e50770591650f3ce36fe22f1ce2168f04b

    • SSDEEP

      196608:ZWJafoL/tUoTX4Z2bh1Yf0k7Ma/rkFlgdTaUrPPbdfw:ZWsfm/vbh1lkSFCdTauZo

    Score
    10/10
    skuldpersistencestealer

    • Skuld family

      skuld

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks