sload | 8bffb5f01d123e3d6eb01393b78f1b179a70924ba38109f6e808a2635aebfafe | Triage

Sharing

General

Target

944f7974e1bf22df4ba5e26d9c0b045b_JaffaCakes118
Size

9KB
Sample

240813-xgqbeazhkf
MD5

944f7974e1bf22df4ba5e26d9c0b045b
SHA1

f23a0b2edf74ec6fa18dfd27cfc68606d919192d
SHA256

8bffb5f01d123e3d6eb01393b78f1b179a70924ba38109f6e808a2635aebfafe
SHA512

65dd8327c339c58e3e7aa15287d09f028fe16370eedfd3f672069c2e7c36d0cc30bff111f1d91292a570f99e758316892602aa9918695985cfd8d9b7d6e1e317
SSDEEP

192:xaFYrF+KlavnTOxR7Xqy/xGSGf6bNQJ1L9wzT/jFDdFuF6:PrF+WavnTOr7XfxnGf6bNQJ1L9cLxDn

Score

10^/10

sload discovery stealer trojan

Malware Config

Targets

- Target
  
  944f7974e1bf22df4ba5e26d9c0b045b_JaffaCakes118
- Size
  
  9KB
- MD5
  
  944f7974e1bf22df4ba5e26d9c0b045b
- SHA1
  
  f23a0b2edf74ec6fa18dfd27cfc68606d919192d
- SHA256
  
  8bffb5f01d123e3d6eb01393b78f1b179a70924ba38109f6e808a2635aebfafe
- SHA512
  
  65dd8327c339c58e3e7aa15287d09f028fe16370eedfd3f672069c2e7c36d0cc30bff111f1d91292a570f99e758316892602aa9918695985cfd8d9b7d6e1e317
- SSDEEP
  
  192:xaFYrF+KlavnTOxR7Xqy/xGSGf6bNQJ1L9wzT/jFDdFuF6:PrF+WavnTOr7XfxnGf6bNQJ1L9cLxDn
Score

10^/10

sload discovery stealer trojan
- sLoad
  sLoad is a PowerShell downloader that can exfiltrate system information and deliver additional payloads.
  trojan stealer sload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sloaddiscoverystealertrojan

behavioral2

sloaddiscoverystealertrojan