skuld | 0939d0feb44f3cd7ce0d18ad8bf5ab589aeeff42f43b2a2a4fb43bb6666a8485 | Triage

Sharing

General

Target

2025-02-16_0e26fb260ff03a040563a9e959169dcb_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
Size

14.8MB
Sample

250216-xq538awlgx
MD5

0e26fb260ff03a040563a9e959169dcb
SHA1

959f06bdd27f26de50fa62cecae90cd9d2abc0e8
SHA256

0939d0feb44f3cd7ce0d18ad8bf5ab589aeeff42f43b2a2a4fb43bb6666a8485
SHA512

52c0fcc56aac61f98ed8e65fe15753f0c35ae5881afcc87a45b5f0c90e9958cf3be1f181cf3ace9efafead91fa5594b53b9799dc9ddc73bb2cab57bc9d753f5f
SSDEEP

196608:4qZ4f/oCqKqc/3h4Po95Xx+29GAB7ob73mrVGwYdNE2vfUWc:TZ4XoBKH59AuM73gQDvfUWc

Score

10^/10

skuld discovery persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1331762319012659321/iwnBhcdBis01WFBWpqJG9rYThk7-WhDDTh6m7jXrOXbNEJKcRQ9UVmGerYdicCteoenN

Targets

- Target
  
  2025-02-16_0e26fb260ff03a040563a9e959169dcb_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
- Size
  
  14.8MB
- MD5
  
  0e26fb260ff03a040563a9e959169dcb
- SHA1
  
  959f06bdd27f26de50fa62cecae90cd9d2abc0e8
- SHA256
  
  0939d0feb44f3cd7ce0d18ad8bf5ab589aeeff42f43b2a2a4fb43bb6666a8485
- SHA512
  
  52c0fcc56aac61f98ed8e65fe15753f0c35ae5881afcc87a45b5f0c90e9958cf3be1f181cf3ace9efafead91fa5594b53b9799dc9ddc73bb2cab57bc9d753f5f
- SSDEEP
  
  196608:4qZ4f/oCqKqc/3h4Po95Xx+29GAB7ob73mrVGwYdNE2vfUWc:TZ4XoBKH59AuM73gQDvfUWc
Score

10^/10

skuld discovery persistence stealer
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

skulddiscoverypersistencestealer