Overview

overview

10

Static

static

10

2025-02-24...ch.exe

windows7-x64

1

2025-02-24...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-02-24_f82e86938d6e97fcb851e0f616c14f0a_frostygoop_luca-stealer_ngrbot_poet-rat_snatch

  • Size

    14.8MB

  • Sample

    250224-bm5sdsxpay

  • MD5

    f82e86938d6e97fcb851e0f616c14f0a

  • SHA1

    85488addf46ce3d48a7e57dffce076ca5c3352a4

  • SHA256

    e12b792440ddb95d7c54a6414e63a977b60d70fed7d183d2e7d67128ce2ffeb9

  • SHA512

    ded4575aadedc1c743c6fc7ec960b7d9104288c333fa64c60a78a7c9d987a5d9dbade63fd857f424449750687f250af616a6a96ac869d13083554285d1d0b67c

  • SSDEEP

    196608:KqZ4f/oCqKqc/3h4Po9YXx+29GAB7ob73mrVGwYdNE2vfUW:xZ4XoBKHY9AuM73gQDvfUW

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://ptb.discord.com/api/webhooks/1328831575789670452/xCCdIHtUlgPrQV3300CuNBr_DVbCb2fTTBtkXn4qDJnuJPpmJOp5dKrjZT4B0XHJ4OMa

Targets

    • Target

      2025-02-24_f82e86938d6e97fcb851e0f616c14f0a_frostygoop_luca-stealer_ngrbot_poet-rat_snatch

    • Size

      14.8MB

    • MD5

      f82e86938d6e97fcb851e0f616c14f0a

    • SHA1

      85488addf46ce3d48a7e57dffce076ca5c3352a4

    • SHA256

      e12b792440ddb95d7c54a6414e63a977b60d70fed7d183d2e7d67128ce2ffeb9

    • SHA512

      ded4575aadedc1c743c6fc7ec960b7d9104288c333fa64c60a78a7c9d987a5d9dbade63fd857f424449750687f250af616a6a96ac869d13083554285d1d0b67c

    • SSDEEP

      196608:KqZ4f/oCqKqc/3h4Po9YXx+29GAB7ob73mrVGwYdNE2vfUW:xZ4XoBKHY9AuM73gQDvfUW

    Score
    10/10
    skuldpersistencestealer

    • Skuld family

      skuld

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks