sload | 405173656c1b1818248db05bb6105ea3353ec6c029fa4643e92ccfb89c855076 | Triage

Sharing

General

Target

8ff5aa60032b0bfecd878635d978f8fd_JaffaCakes118
Size

9KB
Sample

240812-xye7rszdqg
MD5

8ff5aa60032b0bfecd878635d978f8fd
SHA1

4011339acb95e12c5bfa057f220ebbaf6bf31424
SHA256

405173656c1b1818248db05bb6105ea3353ec6c029fa4643e92ccfb89c855076
SHA512

b8d05e7bea115c4693efc9797b82661d80a3c0613624a26671378ac5ba3f860a0fb62c3126d79f7dbc170e982cd8bfc4f7f0d579b333a0c391117caa70d734a9
SSDEEP

192:SF9BcRMwRNOfvVrrGs470B35hjS173BVcVHcIRgLUEtfR:MuRMwz0vVes47035hjS17xVAzRPEtfR

Score

10^/10

sload discovery stealer trojan

Malware Config

Targets

- Target
  
  8ff5aa60032b0bfecd878635d978f8fd_JaffaCakes118
- Size
  
  9KB
- MD5
  
  8ff5aa60032b0bfecd878635d978f8fd
- SHA1
  
  4011339acb95e12c5bfa057f220ebbaf6bf31424
- SHA256
  
  405173656c1b1818248db05bb6105ea3353ec6c029fa4643e92ccfb89c855076
- SHA512
  
  b8d05e7bea115c4693efc9797b82661d80a3c0613624a26671378ac5ba3f860a0fb62c3126d79f7dbc170e982cd8bfc4f7f0d579b333a0c391117caa70d734a9
- SSDEEP
  
  192:SF9BcRMwRNOfvVrrGs470B35hjS173BVcVHcIRgLUEtfR:MuRMwz0vVes47035hjS17xVAzRPEtfR
Score

10^/10

sload discovery stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloaddiscoverystealertrojan

behavioral2

sloaddiscoverystealertrojan