skuld | 56bd8367607b32bfe275478f96bbd0fe213c07eee696e0a268f817ea757a9543 | Triage

Sharing

General

Target

50KfF6O.exe
Size

3.2MB
Sample

250322-p3a5lssyev
MD5

9ec5cf784ec23ca09c2921668912cfeb
SHA1

4b9c8b0d197c359368164e5738b44a65fba40741
SHA256

56bd8367607b32bfe275478f96bbd0fe213c07eee696e0a268f817ea757a9543
SHA512

043d623ae8f3dbb43b504ba08d916f27f9054c4df46c6b5d0ae56e98c44b919e8d9a05e333c08adad286353bf5f6f1b75c1ee23f819462654c94e1542c31c464
SSDEEP

98304:f3bOTeskaH0XNniR5aAebmGeCpmC7ir4:/bOT1kaHeaGe87

Score

10^/10

skuld persistence stealer upx

Malware Config

Extracted

Family

skuld

C2

https://discordapp.com/api/webhooks/1349647136895012916/qSys_fpsL_y7usKH_AyrFupSjzSsVfg2t895g2HV8Yz72asrwCIsHaqqhPtDFjz8g8_E

Targets

- Target
  
  50KfF6O.exe
- Size
  
  3.2MB
- MD5
  
  9ec5cf784ec23ca09c2921668912cfeb
- SHA1
  
  4b9c8b0d197c359368164e5738b44a65fba40741
- SHA256
  
  56bd8367607b32bfe275478f96bbd0fe213c07eee696e0a268f817ea757a9543
- SHA512
  
  043d623ae8f3dbb43b504ba08d916f27f9054c4df46c6b5d0ae56e98c44b919e8d9a05e333c08adad286353bf5f6f1b75c1ee23f819462654c94e1542c31c464
- SSDEEP
  
  98304:f3bOTeskaH0XNniR5aAebmGeCpmC7ir4:/bOT1kaHeaGe87
Score

10^/10

skuld persistence stealer upx
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

skuldpersistencestealerupx

behavioral2

skuldpersistencestealerupx