General

  • Target

    cmd.exe

  • Size

    9.9MB

  • Sample

    241107-jdtyjaydnn

  • MD5

    240ff0a244a7a888a0df074b70473063

  • SHA1

    85be735983e86eb656a920dde212fc5d467d642c

  • SHA256

    f596fc4e9e9568c7fe0cac3b46d5e23932062cadc20f1c055f2ac2ab884bd00a

  • SHA512

    83ea2029ea67799889cb3b088bb717fc41a1db85819ca42078de57aa0fb6cc66b578e6642a84d9ac0fb26cd3897ed1cd046e7818d0e79394ee6f149fbb1c2c4d

  • SSDEEP

    98304:pzU4brhxBASgf/gEpiji6Ig8TWApEIICafZm/mbnXg:pxrhxBAGZji6IdThqRTXg

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1303801444024979538/ccYtBFXL53k2JjPdccF4_Q0RyJhiTuYgSfRuahpcQBQF-lyG_YEYV7JcEsJ-czgGGLml

Targets

    • Target

      cmd.exe

    • Size

      9.9MB

    • MD5

      240ff0a244a7a888a0df074b70473063

    • SHA1

      85be735983e86eb656a920dde212fc5d467d642c

    • SHA256

      f596fc4e9e9568c7fe0cac3b46d5e23932062cadc20f1c055f2ac2ab884bd00a

    • SHA512

      83ea2029ea67799889cb3b088bb717fc41a1db85819ca42078de57aa0fb6cc66b578e6642a84d9ac0fb26cd3897ed1cd046e7818d0e79394ee6f149fbb1c2c4d

    • SSDEEP

      98304:pzU4brhxBASgf/gEpiji6Ig8TWApEIICafZm/mbnXg:pxrhxBAGZji6IdThqRTXg

    • Skuld family

    • Skuld stealer

      An info stealer written in Go lang.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks