A new Golang-based information stealer called Skuld has compromised Windows systems across Europe, Southeast Asia, and the U.S.
What is Skuld Malware?
According to Trellix researchers, the purpose of Skuld is to steal sensitive information from its victims. To obtain it, the malware searches for data stored in applications such as Discord and web browsers, information about the system, and files stored in the victim's folders.
Upon execution, the malware checks whether it is running in a virtual environment in an attempt to thwart analysis. It then extracts the list of running processes and compares it against a predefined blocklist. Should any running process match an entry in the blocklist, Skuld terminates the matched process rather than terminating itself.
Besides gathering system metadata, the malware possesses capabilities to harvest cookies and credentials stored in web browsers as well as files present in the Windows user profile folders, including Desktop, Documents, Downloads, Pictures, Music, Videos, and OneDrive.
Another common way for a sample to detect that it is being analysed is to check whether the target system is a virtual machine. Skuld uses three different techniques to perform this check.
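As an added example (not code from the article or from Trellix), the following Python sketch turns the behaviours described above into a defender's detection: one process terminating several analysis tools within a short window, and the same process then reading browser credential stores. The log format, the tool names and the browser store file names are assumptions, constructed here for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumption: tools an anti-analysis blocklist would plausibly name.
ANALYSIS_TOOLS = {"procmon.exe", "wireshark.exe", "x64dbg.exe", "procexp.exe"}
# Assumption: file names of Chromium-style credential and cookie stores.
BROWSER_STORES = {"login data", "cookies", "web data"}

# Constructed sample telemetry: "timestamp|action|actor|target".
SAMPLE_LOG = [
    "2023-06-01T10:00:00|terminate|updater.exe|procmon.exe",
    "2023-06-01T10:00:01|terminate|updater.exe|wireshark.exe",
    "2023-06-01T10:00:05|file_read|updater.exe|C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "2023-06-01T10:05:00|terminate|taskmgr.exe|notepad.exe",
    "2023-06-01T11:00:00|terminate|explorer.exe|procmon.exe",
]

def parse_event(line):
    """Split one constructed log line into a typed event dict."""
    ts, action, actor, target = line.split("|", 3)
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "actor": actor.lower(), "target": target.lower()}

def detect(lines, window_s=30, min_kills=2):
    """Flag actors that terminate >= min_kills analysis tools within window_s
    seconds; record whether the same actor also read a browser store."""
    kills = defaultdict(list)
    store_access = set()
    for ev in map(parse_event, lines):
        if ev["action"] == "terminate" and ev["target"] in ANALYSIS_TOOLS:
            kills[ev["actor"]].append(ev["ts"])
        elif ev["action"] == "file_read":
            # Compare only the file name, whatever the profile path is.
            if ev["target"].rsplit("\\", 1)[-1] in BROWSER_STORES:
                store_access.add(ev["actor"])
    alerts = []
    for actor, times in kills.items():
        times.sort()
        # Sliding window over the sorted kill timestamps.
        for i in range(min_kills - 1, len(times)):
            if (times[i] - times[i - min_kills + 1]).total_seconds() <= window_s:
                alerts.append({"actor": actor, "kills": len(times),
                               "credential_store_access": actor in store_access})
                break
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single termination of one tool (the explorer.exe line) does not alert on its own; the window and threshold are the knobs to tune against your own telemetry.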
“Additionally, Golang’s compiled nature lets malware authors produce binary executables that are more challenging to analyze and reverse engineer,” Fernández Provecho noted. “This makes it harder for security researchers and traditional anti-malware solutions to detect and mitigate these threats effectively.”
IOCs