Overview

overview

10

Static

static

3

2025-04-11...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-11_8e8b691cf8f82c5e94ca135b04f50a73_frostygoop_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

  • Size

    10.3MB

  • Sample

    250411-gdd6za1l14

  • MD5

    8e8b691cf8f82c5e94ca135b04f50a73

  • SHA1

    016a41d4dbd205a1d41586bb31af9807e0f013ab

  • SHA256

    470aae09c9bfd1aea1c6c2637210cf4213c21c61b6b4655150d9a6d485ad462a

  • SHA512

    fb396e2feedf649e9a4db5360565816f2d66900b0d9258dd9d65946c129a6fe74c5edf75f2e6379a83cbc7442adb962026e2521a2e12ae7222cd62f84b8c751b

  • SSDEEP

    98304:jDp8VN601uPFa8PIfPB9woUABrUir9/CEYbZ:jF8Vc016IfPB9wovzPYbZ

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1360037627750776933/A7U0kOOavkQ4UMg4AjY6YOPcjf6p-Koy8zbKvs8EhAmupltK0-haDaQc-pN0ffgzhHc7

Targets

    • Target

      2025-04-11_8e8b691cf8f82c5e94ca135b04f50a73_frostygoop_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

    • Size

      10.3MB

    • MD5

      8e8b691cf8f82c5e94ca135b04f50a73

    • SHA1

      016a41d4dbd205a1d41586bb31af9807e0f013ab

    • SHA256

      470aae09c9bfd1aea1c6c2637210cf4213c21c61b6b4655150d9a6d485ad462a

    • SHA512

      fb396e2feedf649e9a4db5360565816f2d66900b0d9258dd9d65946c129a6fe74c5edf75f2e6379a83cbc7442adb962026e2521a2e12ae7222cd62f84b8c751b

    • SSDEEP

      98304:jDp8VN601uPFa8PIfPB9woUABrUir9/CEYbZ:jF8Vc016IfPB9wovzPYbZ

    Score
    10/10
    skuldpersistencestealer

    • Skuld family

      skuld

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v16

Tasks