sload | c6107c4569196a4c240da6ab73e259556e39f68a7d83330c34550ac8a43f35d9 | Triage

Sharing

General

Target

bc01ff54189a4d4014484b181624dbeb_JaffaCakes118
Size

116KB
Sample

240618-pz3epatfqc
MD5

bc01ff54189a4d4014484b181624dbeb
SHA1

3ec09b8075462565e158df0e50fb2faf8628e792
SHA256

c6107c4569196a4c240da6ab73e259556e39f68a7d83330c34550ac8a43f35d9
SHA512

27b42bbd5bf403b8c18a0828a4a1c26a051ae6e150e66ddd2b1afa16d4ed4cae35aebe5792ecc8aead27d8b23da759c5babf8a1936185b684086662734df41f1
SSDEEP

3072:7ZiyX09E8J3fWruXqnhi89T/H5GPuffVN5LIdW:7zX09E8FfWruXqnhi89T/ZGPwdN5LIdW

Score

10^/10

sload execution stealer trojan

Malware Config

Targets

- Target
  
  bc01ff54189a4d4014484b181624dbeb_JaffaCakes118
- Size
  
  116KB
- MD5
  
  bc01ff54189a4d4014484b181624dbeb
- SHA1
  
  3ec09b8075462565e158df0e50fb2faf8628e792
- SHA256
  
  c6107c4569196a4c240da6ab73e259556e39f68a7d83330c34550ac8a43f35d9
- SHA512
  
  27b42bbd5bf403b8c18a0828a4a1c26a051ae6e150e66ddd2b1afa16d4ed4cae35aebe5792ecc8aead27d8b23da759c5babf8a1936185b684086662734df41f1
- SSDEEP
  
  3072:7ZiyX09E8J3fWruXqnhi89T/H5GPuffVN5LIdW:7zX09E8FfWruXqnhi89T/ZGPwdN5LIdW
Score

10^/10

sload execution stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloadexecutionstealertrojan

behavioral2

sloadexecutionstealertrojan