Allegato_Sload_Italy_vbs (20).vbs

General

Target: Allegato_Sload_Italy_vbs (20).vbs
Size: 7KB
Sample: 201123-5h9cfn9wsn
Score: 10/10
MD5: 764c02c19ff5e5813528991248c34d08
SHA1: d6c3be949a077865c84ae819265bf3a8acf4115f
SHA256: 189c235e1d8e1cd2bf2ad530c774a3004872956729b475edd53f0397b81c0806
SHA512: 77ab15c84a2472f65ff4966ef57b5ff85732e4c42158ed262a24bf64a874a89581ae16b24959c175230bc0e4933d4bff0f7921190ebfa9ff30a277e2cd8224f9

Signatures

  • sLoad

    Description

    sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.

  • Executes dropped EXE

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10