sload | e97269e83b3cc604702b44e6676b0134611fa8746755c068c7da97c7b1d038f4 | Triage

Sharing

General

Target

1451e485a998efac76f8e81d34988893_JaffaCakes118
Size

8KB
Sample

240627-cpqxpazglp
MD5

1451e485a998efac76f8e81d34988893
SHA1

ee86e3f24e2c83b32c072ddbf0961e93cf0f6624
SHA256

e97269e83b3cc604702b44e6676b0134611fa8746755c068c7da97c7b1d038f4
SHA512

e39306b4088a1c170f01cc94289bbe37dae1f000fd7000d7e3a480bcd68ff7fdb1a8705108fe9625bc387449c43773b9631e3809c75a925287ccf83660c294f1
SSDEEP

192:PFKxFd2YweUljAi+aijg9i6XgSJbK01rlxi/h+iO0mmyzUDlq:I2tecjAhaSg9i6wSJbR1rTisqyYRq

Score

10^/10

sload stealer trojan

Malware Config

Targets

- Target
  
  1451e485a998efac76f8e81d34988893_JaffaCakes118
- Size
  
  8KB
- MD5
  
  1451e485a998efac76f8e81d34988893
- SHA1
  
  ee86e3f24e2c83b32c072ddbf0961e93cf0f6624
- SHA256
  
  e97269e83b3cc604702b44e6676b0134611fa8746755c068c7da97c7b1d038f4
- SHA512
  
  e39306b4088a1c170f01cc94289bbe37dae1f000fd7000d7e3a480bcd68ff7fdb1a8705108fe9625bc387449c43773b9631e3809c75a925287ccf83660c294f1
- SSDEEP
  
  192:PFKxFd2YweUljAi+aijg9i6XgSJbK01rlxi/h+iO0mmyzUDlq:I2tecjAhaSg9i6wSJbR1rTisqyYRq
Score

10^/10

sload stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloadstealertrojan

behavioral2

sloadstealertrojan