skuld | 2025-02-19_91f96bbdf5a479601252717305aadf0a_frostygoop_luca-stealer_ngrbot_poet-rat_snatch | Triage

Sharing

General

Target

2025-02-19_91f96bbdf5a479601252717305aadf0a_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
Size

9.9MB
MD5

91f96bbdf5a479601252717305aadf0a
SHA1

16206de912609ae882517c0135478c15cf86f876
SHA256

967b916e61f317fdfb55c15a2ca4f3bbd9b96ad7174d6a31336067c9dcef48c4
SHA512

cc94f0445115d06572243f7337d7c55f426f3ccf9800dc5864f055ea246588088af9ebec59d620d375e13ea8cb70510853cc9ae072bef7be9c3753c054cc621d
SSDEEP

98304:PE/XRBCfMiUi8i76nmhg0HkyYvEdLGg7BDYl+dHq:PEnCfMGQmhg0E/sJu+xq

Score

10^/10

skuld

Malware Config

Signatures

Skuld family
skuld

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-02-19_91f96bbdf5a479601252717305aadf0a_frostygoop_luca-stealer_ngrbot_poet-rat_snatch

Files

2025-02-19_91f96bbdf5a479601252717305aadf0a_frostygoop_luca-stealer_ngrbot_poet-rat_snatch
.exe windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 468KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ