sload | db2b2aca54ef81c93e298620e3a8dc6ca812335f0306924fb060d2bd9fe0fc28 | Triage

Sharing

General

Target

29559f995653dd2346c9dfbd082e8106_JaffaCakes118
Size

9KB
Sample

240706-ztgwxasejk
MD5

29559f995653dd2346c9dfbd082e8106
SHA1

5234aa0c46b9cd856d42d9952da3710edbebb329
SHA256

db2b2aca54ef81c93e298620e3a8dc6ca812335f0306924fb060d2bd9fe0fc28
SHA512

a42116e42dd6bbee0a7faf4c4f560ec2e94d03d63fc0a1c1ffe7555f04c80190f6c4c1e5829526823802a7c4226302ae916cfa25a74af6f51633084700096135
SSDEEP

192:VFlRdcLMXrNDN8cPVAXSOh8TOhWDTaDrm8yhFdFxF9:NRgMXrNJ8cPVAXTh8TOsDTaDK8yl

Score

10^/10

sload stealer trojan

Malware Config

Targets

- Target
  
  29559f995653dd2346c9dfbd082e8106_JaffaCakes118
- Size
  
  9KB
- MD5
  
  29559f995653dd2346c9dfbd082e8106
- SHA1
  
  5234aa0c46b9cd856d42d9952da3710edbebb329
- SHA256
  
  db2b2aca54ef81c93e298620e3a8dc6ca812335f0306924fb060d2bd9fe0fc28
- SHA512
  
  a42116e42dd6bbee0a7faf4c4f560ec2e94d03d63fc0a1c1ffe7555f04c80190f6c4c1e5829526823802a7c4226302ae916cfa25a74af6f51633084700096135
- SSDEEP
  
  192:VFlRdcLMXrNDN8cPVAXSOh8TOhWDTaDrm8yhFdFxF9:NRgMXrNJ8cPVAXTh8TOsDTaDK8yl
Score

10^/10

sload stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloadstealertrojan

behavioral2

sloadstealertrojan