Overview

overview

10

Static

static

10

2025-04-18...ch.exe

windows10-2004-x64

7

2025-04-18...ch.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2025-04-18_d8aa48e2d8b8bbb5fc9579866accfe00_frostygoop_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

  • Size

    10.3MB

  • Sample

    250418-2ljrmszpy9

  • MD5

    d8aa48e2d8b8bbb5fc9579866accfe00

  • SHA1

    fb5492d7fe655199f810be4c50eea29023de8058

  • SHA256

    93643f6f0cea3ea34541a532b1d5acc89bd68a31975a96a7275e2d50c5ba13d8

  • SHA512

    e24985258dbe52126489e5ebd4e5b18bf55b8d58916b40deba8d5eaad1c3fe5183d6a5368cc725e228ddb89a8c01ab106f765886510ec60784b9d45cd12116ea

  • SSDEEP

    98304:CaSL8bZv/NL61NxiEvVbE/8CERB6O5wCA0rRxEmb:Cobl/NUvVbEEfRB6O5wFMSmb

Score
10/10
skuldpersistencestealer

Malware Config

Targets

    • Target

      2025-04-18_d8aa48e2d8b8bbb5fc9579866accfe00_frostygoop_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

    • Size

      10.3MB

    • MD5

      d8aa48e2d8b8bbb5fc9579866accfe00

    • SHA1

      fb5492d7fe655199f810be4c50eea29023de8058

    • SHA256

      93643f6f0cea3ea34541a532b1d5acc89bd68a31975a96a7275e2d50c5ba13d8

    • SHA512

      e24985258dbe52126489e5ebd4e5b18bf55b8d58916b40deba8d5eaad1c3fe5183d6a5368cc725e228ddb89a8c01ab106f765886510ec60784b9d45cd12116ea

    • SSDEEP

      98304:CaSL8bZv/NL61NxiEvVbE/8CERB6O5wCA0rRxEmb:Cobl/NUvVbEEfRB6O5wFMSmb

    Score
    10/10
    persistenceskuldstealer

    • Skuld family

      skuld

    • Skuld stealer

      An info stealer written in Go lang.

      stealerskuld

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks