skuld | f9bde9d5622470f983e497aa54ca8333796bbb7b1fa92d49fb8e50b05489fab6 | Triage

Sharing

General

Target

skuld.exe
Size

10.3MB
Sample

250405-y95r8sxnv9
MD5

8b844f81ee3b1f6b91f70e8e83210f5b
SHA1

5e2c67f68ea2d2d1d331edd000bcb7b1d12624ea
SHA256

f9bde9d5622470f983e497aa54ca8333796bbb7b1fa92d49fb8e50b05489fab6
SHA512

485a868d8f6e1dbe9575644ed5a252bbc8e86bd28c6adb9090b5d31b97953db3801d6261f4ea90b3f4181265123047855790d1897909f509633c8f88decf2a23
SSDEEP

98304:8lJTC3t04XErIWPjfR/dUCBA0rU0UhZEPbl:8nTC904ajfR/dUCiL6Pbl

Score

10^/10

skuld persistence stealer

Malware Config

Extracted

Family

skuld

C2

https://discordapp.com/api/webhooks/1358176018480763082/KRzYhVK83SkkWXqkgpHZchqaHT7jufMoWg40zH8kOvRh-ra5lweCdwpMBFLX669IaMx7

Targets

- Target
  
  skuld.exe
- Size
  
  10.3MB
- MD5
  
  8b844f81ee3b1f6b91f70e8e83210f5b
- SHA1
  
  5e2c67f68ea2d2d1d331edd000bcb7b1d12624ea
- SHA256
  
  f9bde9d5622470f983e497aa54ca8333796bbb7b1fa92d49fb8e50b05489fab6
- SHA512
  
  485a868d8f6e1dbe9575644ed5a252bbc8e86bd28c6adb9090b5d31b97953db3801d6261f4ea90b3f4181265123047855790d1897909f509633c8f88decf2a23
- SSDEEP
  
  98304:8lJTC3t04XErIWPjfR/dUCBA0rU0UhZEPbl:8nTC904ajfR/dUCiL6Pbl
Score

10^/10

skuld persistence stealer
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

skuldpersistencestealer