HexaLocker V2: Skuld Stealer Paving the Way prior to Encryption
Common Information
Type | Value
UUID | 16260d83-7074-46a1-ac8b-ef28855e315c
Fingerprint | 9eb6bc98625faed1
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | Jan. 9, 2025, 1:15 p.m.
Added to db | Jan. 9, 2025, 2:17 p.m.
Last updated | Jan. 19, 2025, 3:26 a.m.
Headline | HexaLocker V2: Skuld Stealer Paving the Way prior to Encryption
Title | HexaLocker V2: Skuld Stealer Paving the Way prior to Encryption
Detected Hints/Tags/Attributes | 99/1/29
RSS Feed
Id | Enabled | Feed title | Url | Added to db
158 | | Malware Analysis, News and Indicators - Latest topics | https://malware.news/latest.rss | 2024-08-30 22:08
Attributes
Type | #Events | CTI | Value
Domain | 4 | | hexalocker.xyz
Domain | 36 | | www.trellix.com
Domain | 15 | | www.synacktiv.com
Domain | 94 | | cyble.com
File | 12 | | myapp.exe
File | 111 | | upload.php
File | 5 | | receive.php
File | 2 | | lapsus-is-dead-long-live-hexalocker.html
MITRE ATT&CK Techniques | 418 | | T1204.002
MITRE ATT&CK Techniques | 447 | | T1547.001
MITRE ATT&CK Techniques | 541 | | T1140
MITRE ATT&CK Techniques | 643 | | T1083
MITRE ATT&CK Techniques | 536 | | T1486
MITRE ATT&CK Techniques | 138 | | T1555.003
MITRE ATT&CK Techniques | 109 | | T1539
MITRE ATT&CK Techniques | 128 | | T1560.001
MITRE ATT&CK Techniques | 470 | | T1041
Url | 4 | | https://hexalocker.xyz/sgdysre67t43tvd6e5rd.exe
Url | 3 | | https://hexalocker.xyz/upload.php
Url | 4 | | https://hexalocker.xyz/receive.php
Url | 2 | | https://hexalocker.xyz/index.php
Url | 2 | | https://www.trellix.com/en-in/blogs/research/skuld-the-infostealer-that-speaks-golang
Url | 2 | | https://www.synacktiv.com/publications/lapsus-is-dead-long-live-hexalocker.html
Url | 1 | | https://cyble.com/blog/hexalocker-v2-being-proliferated-by-skuld-stealer
Windows Registry Key | 203 | | HKCU\Software\Microsoft\Windows\CurrentVersion\Run