General

  • Target

    a21313d83fb43f4bcdaa0b2cbe350bb511dd52a7ebd81690dfa62c7e027a70ac

  • Size

    65KB

  • Sample

    220520-seve5ahah3

  • MD5

    ccb97017a388e61bd1b7f1c47700e9af

  • SHA1

    a7a7e170db3a7ca5d7abc4465ed44c188e917b81

  • SHA256

    a21313d83fb43f4bcdaa0b2cbe350bb511dd52a7ebd81690dfa62c7e027a70ac

  • SHA512

    934c3aea6b8746f22473378dfdd29c5a578c5b2238d8b5f7ee1e39bd0dd6af7263ce6dd565185c4b3caba3ae57e6665a514bb6d23df0c2a7a4849c0f9d861dff

Score
10/10

Targets

    • Target

      FattDiffEmessa2020 03799870369/FattDiffEmessa2020 03799870369.vbs

    • Size

      3KB

    • MD5

      ba1697038db097aae963962a1fd5dd15

    • SHA1

      46e3f1b7e3c93f3de52d63a1afb3b6f6c17180b8

    • SHA256

      79b59d0b510fb8855ee624fd51b46c2b4f1cccef9294860f9864f00183b07e2c

    • SHA512

      d45c7b86124b760381e36eeb301c2fba631e38b3ba537187ca059238eb2692531dda9efaa0ed0806c2530794b9fcd4f70e872ff6da2984d31ea812e6e177fb64

    Score
    10/10
    • sLoad

      sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
