sload | a06d938815152198d177761698bdeb45ab3f5be509362fbc3957f87713f1b97f | Triage

Sharing

General

Target

2dcaf51516980adbe613009d1ca9764b_JaffaCakes118
Size

9KB
Sample

240708-zw1rss1dqb
MD5

2dcaf51516980adbe613009d1ca9764b
SHA1

fb554ddbcf9c2762af321927e5dde0bb47f38e24
SHA256

a06d938815152198d177761698bdeb45ab3f5be509362fbc3957f87713f1b97f
SHA512

4d63411921fc969f59ae9becdbdbc2e09aa292d4bb77c85c84208768df63afd44f09143096627e7694e50356ce5b967222d2bd3488e6ec599e84fb880282e30f
SSDEEP

192:LGpSVqj1bng0JaWg8ogL5gplgkLDp+mE7E4QehSy0wfV331mbFV+vrrWGFD:LGpSVq5bng0XglAyjgkL1+mE7E4QeMyZ

Score

10^/10

sload stealer trojan

Malware Config

Targets

- Target
  
  2dcaf51516980adbe613009d1ca9764b_JaffaCakes118
- Size
  
  9KB
- MD5
  
  2dcaf51516980adbe613009d1ca9764b
- SHA1
  
  fb554ddbcf9c2762af321927e5dde0bb47f38e24
- SHA256
  
  a06d938815152198d177761698bdeb45ab3f5be509362fbc3957f87713f1b97f
- SHA512
  
  4d63411921fc969f59ae9becdbdbc2e09aa292d4bb77c85c84208768df63afd44f09143096627e7694e50356ce5b967222d2bd3488e6ec599e84fb880282e30f
- SSDEEP
  
  192:LGpSVqj1bng0JaWg8ogL5gplgkLDp+mE7E4QehSy0wfV331mbFV+vrrWGFD:LGpSVq5bng0XglAyjgkL1+mE7E4QeMyZ
Score

10^/10

sload stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloadstealertrojan

behavioral2

sloadstealertrojan