General
Target: 2025-02-07_dbe5700f14222bb71dc39f3353e51827_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
Size: 14.8MB
Sample: 250207-xc71nasnat
MD5: dbe5700f14222bb71dc39f3353e51827
SHA1: 2a080beb54a6c64d012a0aad80b4444203092d17
SHA256: 84d77893364a00f1433ec893b7897b21f06f62fa09beafbbc4426d3beb8d1886
SHA512: 531a0960882fba615ad467072052cf6c94009e3b708383e548ddba72a688878624c5d2ad6b2ed51ce256b0a3f03c3bcfc9f30e04e962e916fc3ed176aace4b67
SSDEEP: 196608:4qZ4f/oCqKqc/3h4Po95Xx+29GAB7ob73mrVGwYdNE2vfUWv:TZ4XoBKH59AuM73gQDvfUWv
Behavioral task: behavioral1
Sample: 2025-02-07_dbe5700f14222bb71dc39f3353e51827_frostygoop_luca-stealer_ngrbot_poet-rat_snatch.exe
Resource: win7-20241010-en
Behavioral task: behavioral2
Sample: 2025-02-07_dbe5700f14222bb71dc39f3353e51827_frostygoop_luca-stealer_ngrbot_poet-rat_snatch.exe
Resource: win10v2004-20250207-en
Malware Config
Extracted family: skuld
Extracted URL: https://ptb.discord.com/api/webhooks/1331762319012659321/iwnBhcdBis01WFBWpqJG9rYThk7-WhDDTh6m7jXrOXbNEJKcRQ9UVmGerYdicCteoenN
Targets
Target: 2025-02-07_dbe5700f14222bb71dc39f3353e51827_frostygoop_luca-stealer_ngrbot_poet-rat_snatch (size and hashes as listed under General)
Score: 10/10
- Skuld family
- Downloads MZ/PE file
- Adds Run key to start application
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)