MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SkuldStealer


Vendor detections: 15


Intelligence 15 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3
SHA3-384 hash: 2135696afca95112cf811332fc660f213465d7d48553a4d5e84fee14e23848d77a8d1db20792dce008d0f8e021d98ea5
SHA1 hash: f591f3c722eaa08c9326179fe32cb07da5d838e1
MD5 hash: 1ddf10cf5ca3a4114c46dd7ec8d003d3
humanhash: helium-wisconsin-friend-uncle
File name:file
Download: download sample
Signature SkuldStealer
Create hunting rule
File size:5'939'200 bytes
First seen:2025-10-01 04:04:40 UTC
Last seen:2025-10-01 04:05:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 73109aabc46d7fe64b61778f5bdbb540 (7 x Vidar, 2 x DarkCloud, 1 x AsyncRAT)
ssdeep 98304:iDYFw1kML3WFfVNrzRr1fomjT6fapIG+Odf2Fhvkm3KBK:1FW3YN1fommkIudf2Fb3YK
Threatray 10 similar samples on MalwareBazaar
TLSH T15056F125FC36D18AECE38071BF39D221D5222D77DF2C326B81DC49900565DEEA62E17A
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe SkuldStealer


Avatar
Bitsight
url: http://178.16.55.189/files/7712568273/KEXCNfR.exe

Intelligence

File Origin
# of uploads :
4
# of downloads :
83
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2025-10-01 04:07:33 UTC
Tags:
upx uac skuld
Link:
https://app.any.run/tasks/88c0acb9-d4a2-48f4-a90b-ac245b9d52ee

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/29655/
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68dca89c40b7da0b4eb9118c
Tags:
virus shell sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
fingerprint microsoft_visual_cc obfuscated packed packed packer_detected
Link:
https://www.filescan.io/uploads/68dca895674d5fd6aa11fc8d/reports/79b6a1e4-07ef-4b75-90c9-68e4f97b0c73/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-09-30T23:37:00Z UTC
Last seen:
2025-10-01T10:14:00Z UTC
Hits:
~10
Detections:
UDS:DangerousObject.Multi.Generic
Link:
https://opentip.kaspersky.com/2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/44fec7bf-4f9a-46de-8f26-e0ede0dfc332
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3/
Verdict:
Malicious
Threat:
Family.SKULD
Link:
https://tip.neiki.dev/file/2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3
Threat name:
Win64.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2025-10-01 04:06:36 UTC
File Type:
PE+ (Exe)
AV detection:
22 of 24 (91.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eckcpcyvqicnpxto6nn5knraeo5ahvsci4lyblk752avj72y4xbq._file
Verdict:
malicious
Label(s):
skuldstealer
Create hunting rule
Similar samples:
1d54a080d891484c7c3b2933c5cfb331a90d8c11d4445dfeec0025f8382d427c
SkuldStealer
308fffaaaa7a2200a82e88a8977eedf1bb792af512f84d0e4568a1f717384bdc
SkuldStealer
398313d5532cfc25c0d4bf936a94631f7ccd0a787238049be798003042f7a3ab
SkuldStealer
40d524ba12ded4ec3d041b76deb428be5f19702414f85c5596362b3512ef3dfe
SkuldStealer
422cf765574850761cf52b577df47f8dfa7cb52c964fc3f70c49fb90841e9445
SkuldStealer
56f604cfc92d76f91f8904fd6dfbcb3a7a775b0d6301461270b50a454f06b0ad
SkuldStealer
6381a3f5fc76fdd31bd00a04055d8a7a413217dbf94084fe9f37ef6ff51dd523
SkuldStealer
79add679b6797a46a69d90e7cf40ae91c886e5956602dbb8a4b71dbbf6754379
SkuldStealer
error
SkuldStealer
Result
Malware family:
skuld
Create hunting rule
Score:
  10/10
Tags:
family:skuld defense_evasion persistence stealer upx
Link:
https://tria.ge/reports/251001-enw4esslx9/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Suspicious use of SetThreadContext
UPX packed file
Adds Run key to start application
Executes dropped EXE
Skuld family
Skuld stealer
Malware Config
C2 Extraction:
https://discord.com/api/webhooks/1418377721368809692/MuIq_XR_YVcmAoNmw3HrDYccIP-FM33Y2E-Yx_V33M2Q7aysCl3tkoUj3OSTXP7-BeYc
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0d6779b3-1976-4329-aa4a-26630971e099
Unpacked files
SH256 hash:
2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3
MD5 hash:
1ddf10cf5ca3a4114c46dd7ec8d003d3
SHA1 hash:
f591f3c722eaa08c9326179fe32cb07da5d838e1
Link:
https://www.unpac.me/results/fb2915ab-f9d8-449f-a34e-dcdf8c6f70bd/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2094278b1582/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SkuldStealer

Executable exe 2094278b158204d7de6ef35bd5362023ba03d642471780ad5fee8154ff58e5c3

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/29655/
  
URLhaus
https://urlhaus.abuse.ch/url/3636114/

Comments