sload | c52e8e5dd3b2d97071b6c08199684594bf50bafe18724a013dc83988b6631894 | Triage

Sharing

General

Target

890e606bc524548cde60d468e944b461_JaffaCakes118
Size

7KB
Sample

240811-ffm18azdme
MD5

890e606bc524548cde60d468e944b461
SHA1

c3cb9d8ce2e9dfbb879eed2317e4a61ceb7acfaf
SHA256

c52e8e5dd3b2d97071b6c08199684594bf50bafe18724a013dc83988b6631894
SHA512

c227bc4b873933b99903baf75f4fb7ae11743fd42f7fffb39b8215fe3f84d1368700157ec574d155a6b120bd59dda7d95923f667490436521c720398d746315b
SSDEEP

192:pF3F1DtwCkPCpxcyJQhkP76yOMAAMmVktlPvUUJtu0:XDtwCkPocGrP76yOMAA5V+XUUJc0

Score

10^/10

sload discovery stealer trojan

Malware Config

Targets

- Target
  
  890e606bc524548cde60d468e944b461_JaffaCakes118
- Size
  
  7KB
- MD5
  
  890e606bc524548cde60d468e944b461
- SHA1
  
  c3cb9d8ce2e9dfbb879eed2317e4a61ceb7acfaf
- SHA256
  
  c52e8e5dd3b2d97071b6c08199684594bf50bafe18724a013dc83988b6631894
- SHA512
  
  c227bc4b873933b99903baf75f4fb7ae11743fd42f7fffb39b8215fe3f84d1368700157ec574d155a6b120bd59dda7d95923f667490436521c720398d746315b
- SSDEEP
  
  192:pF3F1DtwCkPCpxcyJQhkP76yOMAAMmVktlPvUUJtu0:XDtwCkPocGrP76yOMAA5V+XUUJc0
Score

10^/10

sload discovery stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloaddiscoverystealertrojan

behavioral2

sloaddiscoverystealertrojan