sload | 109ce2c2ec110de51db1113ad11bcbb30c4c3ef02f2dda5a97a138f885f50f49 | Triage

Sharing

General

Target

29ec374f3e6c877fb8d178d54bdc86d6_JaffaCakes118
Size

9KB
Sample

240707-mmndwszclp
MD5

29ec374f3e6c877fb8d178d54bdc86d6
SHA1

dc798767bb280847a81f6fce72c2100c190a8135
SHA256

109ce2c2ec110de51db1113ad11bcbb30c4c3ef02f2dda5a97a138f885f50f49
SHA512

6d62ff0e4f6f329e9a6d45fd41703512fee0db53a9ca7b9fa9b7827337b026d06eba4ae12d08f5f7654d6b218670b779928071fa28c18aba812cd50b4421dc17
SSDEEP

192:GFPF/TusFUnu/nXWB+N7Z+ssQBq4MZEgo8xNQCBDG+Z0JK7WOG/bbfghfyFIFQF6:CTusFUnu/nXWm7Z+s5HMZEgo8xNQCBqg

Score

10^/10

sload stealer trojan

Malware Config

Targets

- Target
  
  29ec374f3e6c877fb8d178d54bdc86d6_JaffaCakes118
- Size
  
  9KB
- MD5
  
  29ec374f3e6c877fb8d178d54bdc86d6
- SHA1
  
  dc798767bb280847a81f6fce72c2100c190a8135
- SHA256
  
  109ce2c2ec110de51db1113ad11bcbb30c4c3ef02f2dda5a97a138f885f50f49
- SHA512
  
  6d62ff0e4f6f329e9a6d45fd41703512fee0db53a9ca7b9fa9b7827337b026d06eba4ae12d08f5f7654d6b218670b779928071fa28c18aba812cd50b4421dc17
- SSDEEP
  
  192:GFPF/TusFUnu/nXWB+N7Z+ssQBq4MZEgo8xNQCBDG+Z0JK7WOG/bbfghfyFIFQF6:CTusFUnu/nXWm7Z+s5HMZEgo8xNQCBqg
Score

10^/10

sload stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloadstealertrojan

behavioral2

sloadstealertrojan