skuld | d0e1a282d89b59d99c518a8d8de14cb3cfd1ba02f8ac2ad2cfe06f38004618e7 | Triage

Submit
Reports

Overview

overview

Static

static

3

Spotube-wi...up.exe

windows11-21h2-x64

Sharing

General

Target

Spotube-windows-x86_64-setup.exe
Size

29.1MB
Sample

250412-z5crbs1ybt
MD5

2b532f23ca05059218a0edea60c4b3d3
SHA1

54db672cc861a34b22b0814357d5e0da95945c18
SHA256

d0e1a282d89b59d99c518a8d8de14cb3cfd1ba02f8ac2ad2cfe06f38004618e7
SHA512

a5a363cd50837302fd1ca092387360c0eef084e1daa442320aa616e5a88f901d083e56ef65c63ade75ffad146dfcdcb19ea19f7195f4a781702964f794ba941c
SSDEEP

786432:NwuEzgAZn+KLHFt00TYOzU1EQwG0qDkMlAm:Nwusn+KLHgwYSJ9bqDTlAm

Score

10^/10

skuld defense_evasion discovery persistence privilege_escalation stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Spotube-windows-x86_64-setup.exe

Resource

win11-20250410-es

skuld defense_evasion discovery persistence privilege_escalation stealer

windows11-21h2-x64

28 signatures

900 seconds

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1337735249911746560/fW5kuZa3Rbm2Qkeep47pmFng1yPJozpr6B6XoKYvePooq6cq_Nl_sjY6si7ildYg54Nk

Targets

- Target
  
  Spotube-windows-x86_64-setup.exe
- Size
  
  29.1MB
- MD5
  
  2b532f23ca05059218a0edea60c4b3d3
- SHA1
  
  54db672cc861a34b22b0814357d5e0da95945c18
- SHA256
  
  d0e1a282d89b59d99c518a8d8de14cb3cfd1ba02f8ac2ad2cfe06f38004618e7
- SHA512
  
  a5a363cd50837302fd1ca092387360c0eef084e1daa442320aa616e5a88f901d083e56ef65c63ade75ffad146dfcdcb19ea19f7195f4a781702964f794ba941c
- SSDEEP
  
  786432:NwuEzgAZn+KLHFt00TYOzU1EQwG0qDkMlAm:Nwusn+KLHgwYSJ9bqDTlAm
Score

10^/10

skuld defense_evasion discovery persistence privilege_escalation stealer
- Skuld family
  skuld
- Skuld stealer
  An info stealer written in Go lang.
  stealer skuld
- Downloads MZ/PE file
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

skulddefense_evasiondiscoverypersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy