Extracted

• • Target

    skuld.exe

  • Size

    14.8MB

  • MD5

    e389746ab517dd387f0ddb7f5bf98c84

  • SHA1

    a6452165d9a1461f0fd932ca2eaa0ac5e809f5e0

  • SHA256

    5d17d46056cde8eeef5c884a76b2e35a176a3dd4ad15b324151b8ca6ebe29328

  • SHA512

    b77087561e6c491ed9a2d8a76745cc96f206ffec987c9e152eb6729f3648e465723d910d31b0e25f9757a303b78872d693e9fa27f098cceb49b9424b9f63a9f6

  • SSDEEP

    196608:0qV4leoNq9qc/3h4PozZIg+29GAB7ob73mrVGwYdNE2vfUW:nV48oYpxZNAuM73gQDvfUW

  Score

  10^/10

  skuldcredential_accessdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationspywarestealer

  • Skuld family

    skuld

  • Skuld stealer

    An info stealer written in Go lang.

    stealerskuld

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unsecured Credentials: Credentials In Files

    Steal credentials from unsecured files.

    credential_accessstealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Obfuscated Files or Information: Command Obfuscation

    Adversaries may obfuscate content during command execution to impede detection.

    defense_evasion
  behavioral1behavioral2