skuld | 14e0330250b54a0f15e5db48a53b0bf6517bed4fec8209eb5dc1df49ba9e5b8b | Triage

Sharing

General

Target

stealer_protect-Copy.exe
Size

9.1MB
Sample

250111-eq47tasrcz
MD5

cb86dd3b875f9cbd61325b45e50373a0
SHA1

24b293baf601633d98ac46794ce35675011df210
SHA256

14e0330250b54a0f15e5db48a53b0bf6517bed4fec8209eb5dc1df49ba9e5b8b
SHA512

5019feeb950eb8a8fad4cdb161a43724b2600a5da12b26e1feb1bc4419b6f977b2016b106efcdb99271ff0b0c905a03b5a8c70df7283ec2449186c741b869011
SSDEEP

196608:7G0ytxxQdi7nJf77gov4fplpRQSk5ZMGQfPXeLA52ANexrNceFcLQdc6E:7GZCWnN4OSWOvfPFCFF4Q

Score

10^/10

skuld persistence stealer vmprotect

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1327282019205386252/erLY2QwL_rt0jlh9ekxiZDsoz9mmhENv17cYsEaE1ETg-IcHrp5uYIg3T1AvvJtwEpMs

Targets

- Target
  
  stealer_protect-Copy.exe
- Size
  
  9.1MB
- MD5
  
  cb86dd3b875f9cbd61325b45e50373a0
- SHA1
  
  24b293baf601633d98ac46794ce35675011df210
- SHA256
  
  14e0330250b54a0f15e5db48a53b0bf6517bed4fec8209eb5dc1df49ba9e5b8b
- SHA512
  
  5019feeb950eb8a8fad4cdb161a43724b2600a5da12b26e1feb1bc4419b6f977b2016b106efcdb99271ff0b0c905a03b5a8c70df7283ec2449186c741b869011
- SSDEEP
  
  196608:7G0ytxxQdi7nJf77gov4fplpRQSk5ZMGQfPXeLA52ANexrNceFcLQdc6E:7GZCWnN4OSWOvfPFCFF4Q
Score

10^/10

skuld stealer vmprotect persistence
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

skuldstealervmprotect

behavioral2

skuldpersistencestealervmprotect