Overview

overview

10

Static

static

3

2025-04-14...ch.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-14_51ceb13cdba18123b9968dba9a268c0e_frostygoop_ghostlocker_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

  • Size

    15.4MB

  • Sample

    250414-h4dtka1ny3

  • MD5

    51ceb13cdba18123b9968dba9a268c0e

  • SHA1

    de1c25f61ffc27241ac4629176865ae974120880

  • SHA256

    ba4800e0d0b51d74331b87c35cd2f2aaa2654808a2efcf4b10501bfe13c28fea

  • SHA512

    efc2ff22010878efeb659352fc0300466cf5c0b13dc6442153de8f20a60c96224f6c35db0137594d2b1e981267f120d17a790334dfce072d71e19b64a58914ff

  • SSDEEP

    196608:ZX/bjC/+0fvUTU50+oaYPgENlWr7L2GtVdhkor1nUziI1Y1:Z/CmkDwNlWbvQordUziAY1

Score
10/10
skuldpersistencestealer

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1360005816974970961/peYHLnMx0zg02iyZEoV2hSDl8h17Qu8fRHOLWTpUywXlWlsEi4GhY9E_4gMm98sM8NW2

Targets

    • Target

      2025-04-14_51ceb13cdba18123b9968dba9a268c0e_frostygoop_ghostlocker_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

    • Size

      15.4MB

    • MD5

      51ceb13cdba18123b9968dba9a268c0e

    • SHA1

      de1c25f61ffc27241ac4629176865ae974120880

    • SHA256

      ba4800e0d0b51d74331b87c35cd2f2aaa2654808a2efcf4b10501bfe13c28fea

    • SHA512

      efc2ff22010878efeb659352fc0300466cf5c0b13dc6442153de8f20a60c96224f6c35db0137594d2b1e981267f120d17a790334dfce072d71e19b64a58914ff

    • SSDEEP

      196608:ZX/bjC/+0fvUTU50+oaYPgENlWr7L2GtVdhkor1nUziI1Y1:Z/CmkDwNlWbvQordUziAY1

    Score
    10/10
    skuldpersistencestealer

    • Skuld family

      skuld

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v16

Tasks