skuld | 89897dd0a4e265ae460b7c94d65188da8d49efb5cbd84613e513f99248379cb2

Sharing

Copy URL

Twitter E-mail

General

Target

slinky.rar
Size

26.7MB
Sample

250404-k1bk5stvhv
MD5

cbf141f5b4df8c38f679ac49bb8bde92
SHA1

872a4e455805be20ca477b3c58d249870ed7b98e
SHA256

89897dd0a4e265ae460b7c94d65188da8d49efb5cbd84613e513f99248379cb2
SHA512

c96f87f450a1c2dd6f67fe516b74d189e172c7f3cb91edd8e4fc395aa7f7e8afb738fe10e0413a56b6df49ac0af8709833ac3e9453594103a401d887c2e712a1
SSDEEP

786432:wgVeL/oMJ6HkqFVc0G2Rzt9zWnioO7NLyDI:3QEcq/CWt9WCsI

Score

10^/10

Malware Config

Extracted

Family

skuld

https://ptb.discord.com/api/webhooks/1349978237123563552/9Z3tmeBDcx9gPVX1aoZkc47djylgCmPQ5oDmd4u78KdGgJx21nF4_I5dTUu_5OgY18YA

Targets

- Target
  
  slinky/slinky.exe
- Size
  
  14.8MB
- MD5
  
  e6aca3b8b99f072c29a789cdc3f0720b
- SHA1
  
  3fdb976dbc7fb8b06446c59b6c9f984cfa98ae65
- SHA256
  
  41b8422aba7628289e08792bf8eefb5dd32e84b870f15b621c1ac728731321b6
- SHA512
  
  3d456509f57305b6ede700ccf446ed257bb73d21ab29be5d2aeb070bf43cfffc28daaac36648f379b3450398c737eb34ceb69ded93ba5e018fa9fccd661a0f0a
- SSDEEP
  
  196608:kqZ4f/oCqKqc/3h4Po9QXx+29GAB7ob73mrVGwYdNE2vfUW:3Z4XoBKHQ9AuM73gQDvfUW
Score

10^/10

skuld persistence stealer
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3
- Target
  
  slinky/slinky_library.dll
- Size
  
  11.7MB
- MD5
  
  f4f7eacab208d7b50d50f196bd3facd2
- SHA1
  
  82ca056ecb89d1612df069a42952e077f7e079e1
- SHA256
  
  4f35cfe4d051d56cc22dc2743024ffa0f3b4ee906b34c4336c72d71bc55de708
- SHA512
  
  9b61bd125e066df121186057bcb163bfb3d8fb9ff3447963df0e9b14ab57fdf6a8d1faf61a5e75dc3e53425f541bb624b9d8b787e322ea6b675489d532b8f001
- SSDEEP
  
  3:WAYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYJYw:z
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  slinky/slinkyhook.dll
- Size
  
  228KB
- MD5
  
  6d8c17c67970cb5841811eed8adffffc
- SHA1
  
  c869ab32318a035e51aff8e5e11b4cd25fb52a4f
- SHA256
  
  7c4234fac3b6b3e96dace1e71c7a952ec67e3839f90f7a88a9ea283bf88d25b8
- SHA512
  
  7d2a0ffcd72c8bf4a96b2ed722d7119749ec14f5d7e6a601cb6ae4a5b1c4a652b694158f01da340e3ca4751cabd0a56c42bf739d8b421e36937f3691b3b80c72
- SSDEEP
  
  3072:hXxN1I6PgabbAzVxPLI5oIa5amK/1o4ptgELHY1lNyc+m+e7P26g66OVuknsDe0u:hhN1GFZq/15tFc+m97ieuknsDu
Score

1^/10
behavioral7 behavioral8 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Skuld family

Skuld stealer

Executes dropped EXE

Adds Run key to start application

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9