skuld | 9583979209fadf3861eff01c297c2d8355e65e75dad1b63cc60f9045b2db966e | Triage

Sharing

General

Target

2025-02-12_af24d11848de1fc38d1cb6c08d36d306_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
Size

14.8MB
Sample

250212-zp53yaxqfm
MD5

af24d11848de1fc38d1cb6c08d36d306
SHA1

acccb5e04025a64ef4a5c7708588749b04d155ff
SHA256

9583979209fadf3861eff01c297c2d8355e65e75dad1b63cc60f9045b2db966e
SHA512

f17fdb6166390159c5a5c107d64aba54b00567fa701a4f32f2a1a979435e0a0f77ff1d2a9c744b1383e8959f792711bf1ed9e36311f53b802ffc394ba6301bd5
SSDEEP

196608:4qZ4f/oCqKqc/3h4Po95Xx+29GAB7ob73mrVGwYdNE2vfUWf:TZ4XoBKH59AuM73gQDvfUWf

Score

10^/10

skuld discovery persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1331762319012659321/iwnBhcdBis01WFBWpqJG9rYThk7-WhDDTh6m7jXrOXbNEJKcRQ9UVmGerYdicCteoenN

Targets

- Target
  
  2025-02-12_af24d11848de1fc38d1cb6c08d36d306_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
- Size
  
  14.8MB
- MD5
  
  af24d11848de1fc38d1cb6c08d36d306
- SHA1
  
  acccb5e04025a64ef4a5c7708588749b04d155ff
- SHA256
  
  9583979209fadf3861eff01c297c2d8355e65e75dad1b63cc60f9045b2db966e
- SHA512
  
  f17fdb6166390159c5a5c107d64aba54b00567fa701a4f32f2a1a979435e0a0f77ff1d2a9c744b1383e8959f792711bf1ed9e36311f53b802ffc394ba6301bd5
- SSDEEP
  
  196608:4qZ4f/oCqKqc/3h4Po95Xx+29GAB7ob73mrVGwYdNE2vfUWf:TZ4XoBKH59AuM73gQDvfUWf
Score

10^/10

skuld discovery persistence stealer
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skulddiscoverypersistencestealer