sload | be2f792c44d9e48f90ccb1ff0fe514e28c33de7151631da8d2da8d77dfdbd7ff | Triage

Sharing

General

Target

8c5bfc61bb0b20c461496f954bc957fc_JaffaCakes118
Size

7KB
Sample

240811-26tgkstdlk
MD5

8c5bfc61bb0b20c461496f954bc957fc
SHA1

d6a89fc9aa3e9ba9356d4d943084e51e06e69e96
SHA256

be2f792c44d9e48f90ccb1ff0fe514e28c33de7151631da8d2da8d77dfdbd7ff
SHA512

3c825aee05625202fe166ce2453043731553fe007301e8b716d34c91da5e5f022a21ef1b2de13b71a73ec278e522c27447a7a57b000149d78ec1266a3892d148
SSDEEP

192:UZjfeoBTV34Oc0dM+OTbFpE66Hzd/LSQM/2F4I:UZjfeor4Oc0C+UbFe66HRDSVI

Score

10^/10

sload discovery stealer trojan

Malware Config

Targets

- Target
  
  8c5bfc61bb0b20c461496f954bc957fc_JaffaCakes118
- Size
  
  7KB
- MD5
  
  8c5bfc61bb0b20c461496f954bc957fc
- SHA1
  
  d6a89fc9aa3e9ba9356d4d943084e51e06e69e96
- SHA256
  
  be2f792c44d9e48f90ccb1ff0fe514e28c33de7151631da8d2da8d77dfdbd7ff
- SHA512
  
  3c825aee05625202fe166ce2453043731553fe007301e8b716d34c91da5e5f022a21ef1b2de13b71a73ec278e522c27447a7a57b000149d78ec1266a3892d148
- SSDEEP
  
  192:UZjfeoBTV34Oc0dM+OTbFpE66Hzd/LSQM/2F4I:UZjfeor4Oc0C+UbFe66HRDSVI
Score

10^/10

sload discovery stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloaddiscoverystealertrojan

behavioral2

sloaddiscoverystealertrojan