skuld | f596fc4e9e9568c7fe0cac3b46d5e23932062cadc20f1c055f2ac2ab884bd00a | Triage

Sharing

General

Target

2024-11-07_240ff0a244a7a888a0df074b70473063_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
Size

9.9MB
Sample

241107-rvyxtawpcq
MD5

240ff0a244a7a888a0df074b70473063
SHA1

85be735983e86eb656a920dde212fc5d467d642c
SHA256

f596fc4e9e9568c7fe0cac3b46d5e23932062cadc20f1c055f2ac2ab884bd00a
SHA512

83ea2029ea67799889cb3b088bb717fc41a1db85819ca42078de57aa0fb6cc66b578e6642a84d9ac0fb26cd3897ed1cd046e7818d0e79394ee6f149fbb1c2c4d
SSDEEP

98304:pzU4brhxBASgf/gEpiji6Ig8TWApEIICafZm/mbnXg:pxrhxBAGZji6IdThqRTXg

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1303801444024979538/ccYtBFXL53k2JjPdccF4_Q0RyJhiTuYgSfRuahpcQBQF-lyG_YEYV7JcEsJ-czgGGLml

Targets

- Target
  
  2024-11-07_240ff0a244a7a888a0df074b70473063_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
- Size
  
  9.9MB
- MD5
  
  240ff0a244a7a888a0df074b70473063
- SHA1
  
  85be735983e86eb656a920dde212fc5d467d642c
- SHA256
  
  f596fc4e9e9568c7fe0cac3b46d5e23932062cadc20f1c055f2ac2ab884bd00a
- SHA512
  
  83ea2029ea67799889cb3b088bb717fc41a1db85819ca42078de57aa0fb6cc66b578e6642a84d9ac0fb26cd3897ed1cd046e7818d0e79394ee6f149fbb1c2c4d
- SSDEEP
  
  98304:pzU4brhxBASgf/gEpiji6Ig8TWApEIICafZm/mbnXg:pxrhxBAGZji6IdThqRTXg
Score

10^/10

skuld persistence stealer
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skuldpersistencestealer