sload | dca061b0e907f406bcc27ca2c6ed8a408e2ab52d0f1bd325785aab07f5c58f86 | Triage

Sharing

General

Target

Allegato_doc_02613440060.vbs.zip
Size

2KB
Sample

220222-ryjx3abagj
MD5

c9767894f47221d3022314a36ddca1fd
SHA1

7ad8d7aeb367dacdc18a21baeab870e4f27246d0
SHA256

dca061b0e907f406bcc27ca2c6ed8a408e2ab52d0f1bd325785aab07f5c58f86
SHA512

8b2238bcb9a001d35fb202dac50893fc9e956a056a5433158cf521ac317222f7236e288a9728c160fbe9fe1410f8fc33ecb525e4f2ff20597631d3e8a58171fe

Score

10^/10

sload stealer trojan

Malware Config

Targets

- Target
  
  Allegato_doc_02613440060.vbs
- Size
  
  8KB
- MD5
  
  6266da42dda2a91e97c63181b85b26d4
- SHA1
  
  2a0673cc7ea00b5187dac046b906aa1018317236
- SHA256
  
  12bad94c43427bae4e3855ebdd60d32d7a6305f108a811ead926950450ec503b
- SHA512
  
  fed5ca3e0b5f2214d12c6e8e6d86b6f96589e4629a588bb91cb3df90e3f20c17bb0413f9cbc1683a64642a5b2aa1ddc3ce2a59bb674febe28676c5a5157913c6
Score

10^/10

sload stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloadstealertrojan

behavioral2

sloadstealertrojan