General

  • Target

    41c17c8d5677a83251270e73488a1fc122c9b1ba571b411b0e0ef439302ae866

  • Size

    67KB

  • Sample

    220221-2rbm8abch3

  • MD5

    93e2c06f04589e5a10e6a6e93a2c06c5

  • SHA1

    c3151b264eac43800920a338642fde8f95cd0d5b

  • SHA256

    41c17c8d5677a83251270e73488a1fc122c9b1ba571b411b0e0ef439302ae866

  • SHA512

    d24b515bb1a3761868df71444c1ceafe549faba8845834d726afdf5ee5f079c5f9b43e2a8d67bf7e52bab930954e89863f903b361936ac2013ef613f4cff2845

Score
10/10

Malware Config

Targets

    • Target

      Allegato_doc_JNKMTJ64B29L424O.vbs

    • Size

      8KB

    • MD5

      5d2f707cea7e80c85d83f14213e1d7e0

    • SHA1

      6a7e4e3a532ef4cbbf77508931324a20fe79d7e2

    • SHA256

      d3d75e2f255c63ccc14496877d562f04641da53ce9bf064b1b8e4969034cce9a

    • SHA512

      beb572b51df993ed0a7464789a211d79b906387fdcceff2bcb517c98f83c933fc3513c6e707ae3b7209b1f6d618ccbd7284b17704083b8023e1c61ccf6868090

    Score
    10/10
    • sLoad

      sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check so the payload only runs on machines in the targeted region.
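    The "Checks computer location settings" behaviour above is worth hunting for on the endpoint side: a script host reading the locale/country values is a much stronger signal than the same read by Explorer or an ordinary application. The following detector is an added example, not part of the sandbox report or of the sLoad family's own code. It assumes registry-read telemetry that can be reduced to `Image=... TargetObject=...` lines (the constructed sample lines below mimic that shape), and it assumes the values read are the common `Control Panel\International` locale/geo values; the report itself only says the sample reads a country code from the registry, so the exact value names are an assumption.

```python
"""Flag registry reads of Windows country/locale values by script hosts.

Added example for a sandbox report; not the report's or the malware's code.
Sample events are constructed to resemble reduced Sysmon-style registry
events. The value paths and host list below are assumptions, not findings.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Registry values a script commonly reads to learn the configured country or
# locale. Matching these is the assumption behind the detector.
GEO_VALUE_PATTERNS = (
    re.compile(r"\\control panel\\international\\geo\\nation$", re.I),
    re.compile(r"\\control panel\\international\\(locale|localename|scountry)$", re.I),
)

# Script and LOLBin hosts whose reads of those values are suspicious. The same
# read by explorer.exe or a normal application is routine and is not flagged.
SCRIPT_HOSTS = frozenset({
    "wscript.exe", "cscript.exe", "powershell.exe", "pwsh.exe",
    "mshta.exe", "regsvr32.exe", "rundll32.exe",
})

# Constructed, reduced event format: "Image=<path> TargetObject=<registry path>"
EVENT_RE = re.compile(r"^Image=(?P<image>\S+)\s+TargetObject=(?P<target>.+?)\s*$")


@dataclass(frozen=True)
class RegEvent:
    image: str    # full path of the process that performed the read
    target: str   # full registry path that was read

    @property
    def process_name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> Optional[RegEvent]:
    """Parse one reduced event line; return None for malformed input."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return RegEvent(m.group("image"), m.group("target"))


def is_geo_lookup(ev: RegEvent) -> bool:
    """True if the read targets a country/locale value."""
    return any(p.search(ev.target) for p in GEO_VALUE_PATTERNS)


def is_suspicious(ev: RegEvent) -> bool:
    """Geo lookup performed by a script host: the geofence pattern."""
    return ev.process_name in SCRIPT_HOSTS and is_geo_lookup(ev)


def flag_geofence_checks(lines: Iterable[str]) -> List[RegEvent]:
    """Return the events that look like a script-driven geofence check."""
    return [ev for ev in map(parse_event, lines) if ev is not None and is_suspicious(ev)]


# Constructed sample telemetry (SIDs and paths are placeholders).
SAMPLE_LOG = [
    r"Image=C:\Windows\System32\wscript.exe TargetObject=HKU\S-1-5-21-1111\Control Panel\International\Geo\Nation",
    r"Image=C:\Windows\explorer.exe TargetObject=HKU\S-1-5-21-1111\Control Panel\International\Geo\Nation",
    r"Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TargetObject=HKU\S-1-5-21-1111\Control Panel\International\LocaleName",
    r"Image=C:\Windows\System32\wscript.exe TargetObject=HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    "not a registry event at all",
]

if __name__ == "__main__":
    for ev in flag_geofence_checks(SAMPLE_LOG):
        print(f"geofence check: {ev.process_name} read {ev.target}")
```

On the constructed input only the wscript.exe read of `Geo\Nation` and the powershell.exe read of `LocaleName` are flagged; the identical read by explorer.exe and the unrelated Run-key read are ignored. In production the host list is the knob to tune: add whatever interpreter the environment's script-based loaders use, and keep the benign readers out to avoid alerting on normal locale queries.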

MITRE ATT&CK Enterprise v6

Tasks