General

  • Target

    2025-06-03_9a3f462d8a9b6117dc2be0cf61e16681_frostygoop_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

  • Size

    10.3MB

  • Sample

    250603-pwnr5agl6x

  • MD5

    9a3f462d8a9b6117dc2be0cf61e16681

  • SHA1

    6da479c3fedd78e718108f5ae5e99c572ce78b5f

  • SHA256

    691689aa97146290b29933e47c8a1b1cd66e1a5dbc9fad122ea64ff0eb40f624

  • SHA512

    2dd6971839661bc23e3bd4ac16227ef80a176714f65fe1cac9a950cb32ebe3c18651e6f482b00aaabcefc4a47d2f718af77db070c07a4195352d803c8d122027

  • SSDEEP

    98304:6lyzZx6SpXxQQ5bZKATn/8qVqgr2d29EBgDhhGB:60Zx6CXxtKATn/8qA8uBgN

Malware Config

Extracted

Family

skuld

C2

https://discord.com/api/webhooks/1378709992634322944/nZXdjxkEjzOzW5okURF8HBbKvf0Yaup_y2ZlExn4z4BGoEmWbXXktqdoQK-XlvNlNoyE

Targets

    • Target

      2025-06-03_9a3f462d8a9b6117dc2be0cf61e16681_frostygoop_knight_luca-stealer_ngrbot_poet-rat_sliver_snatch

    • Skuld family

    • Skuld stealer

      An info stealer written in Go.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Adds Run key to start application
