sload | 6974d7e0bc78fe05635852aabd1f112eea8ba7651f1032d26c4145c30e036e4e | Triage

Sharing

General

Target

8d480d61c5cf6b2159351ef893b231be_JaffaCakes118
Size

9KB
Sample

240812-evtxmsyhpe
MD5

8d480d61c5cf6b2159351ef893b231be
SHA1

eaf0c1753e9b0da1c6312e05a2e22238625bfe38
SHA256

6974d7e0bc78fe05635852aabd1f112eea8ba7651f1032d26c4145c30e036e4e
SHA512

dff09e98af520e2492cc6c610394186f7ceaff8f8c406854318e9eaa22a2104393f7d7a6f1faf7caf4dfc4ec998ba4dbcc7161d4f573147423eb6a46562ad324
SSDEEP

192:vrE1FzIZvtX4nBzxr6s3khSbI3z0pY/qMkAiKCjHXuqT/nt9BXEWFLFL:vIbgvtX4nBzxr6s3khaIYpY/qmCjHeqV

Score

10^/10

sload discovery stealer trojan

Malware Config

Targets

- Target
  
  8d480d61c5cf6b2159351ef893b231be_JaffaCakes118
- Size
  
  9KB
- MD5
  
  8d480d61c5cf6b2159351ef893b231be
- SHA1
  
  eaf0c1753e9b0da1c6312e05a2e22238625bfe38
- SHA256
  
  6974d7e0bc78fe05635852aabd1f112eea8ba7651f1032d26c4145c30e036e4e
- SHA512
  
  dff09e98af520e2492cc6c610394186f7ceaff8f8c406854318e9eaa22a2104393f7d7a6f1faf7caf4dfc4ec998ba4dbcc7161d4f573147423eb6a46562ad324
- SSDEEP
  
  192:vrE1FzIZvtX4nBzxr6s3khSbI3z0pY/qMkAiKCjHXuqT/nt9BXEWFLFL:vIbgvtX4nBzxr6s3khaIYpY/qmCjHeqV
Score

10^/10

sload discovery stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloaddiscoverystealertrojan

behavioral2

sloaddiscoverystealertrojan