495b05b6f2faa5294f00e3d891a137e0f3f2a34430055030b002438aa29fbd99 | Triage

Analysis

max time kernel
134s
max time network
140s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23/08/2024, 09:19

Sharing

Report Analysis Logs

General

Target

SetLoader.small.exe
Size

6.2MB
MD5

0ea7c6316dd45ced14dbd5b06dfb2098
SHA1

6a53d81c044117204b5d256aeb121fa77ee23e78
SHA256

719b18a62ffd20ee2ac96d12cdb6a961469e00bed11255e1ce616f8747239bde
SHA512

1e934d7da30a5357f9715395b0c320fe59a32b3cf3ea298d410bb2d359fe397e34e45e792a0d189412bbc90970384d6dcfa46a6facbe570d42125a9c4113dcb2
SSDEEP

49152:gLnlZDQmTSiQb4N+rgzs5/cS3S7EI05pb2OiYbil7wOdmftCQor+gEu5+HDjlI3W:gbHfYb7EmfQ+gNICEvZ5

Score

10^/10

credential_access discovery spyware stealer

Malware Config

Signatures

DeerStealer 15 IoCs

Detects DeerStealer malware - JaffaCakes118.

resource	yara_rule
behavioral2/memory/204-12-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-18-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-17-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-16-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-15-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-14-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-13-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-1-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-19-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-20-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-27-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-35-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-38-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-46-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer
behavioral2/memory/204-47-0x0000000140000000-0x000000014027E000-memory.dmp	DeerStealer

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
204	SetLoader.small.exe
204	SetLoader.small.exe

C:\Users\Admin\AppData\Local\Temp\SetLoader.small.exe
"C:\Users\Admin\AppData\Local\Temp\SetLoader.small.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/204-0-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/204-9-0x0000000002E00000-0x0000000003013000-memory.dmp

Filesize
2.1MB

Download
memory/204-12-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-18-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-17-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-16-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-15-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-14-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-13-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-1-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-19-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-20-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-27-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-29-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/204-30-0x0000000002E00000-0x0000000003013000-memory.dmp

Filesize
2.1MB

Download
memory/204-31-0x0000000000400000-0x0000000000A38000-memory.dmp

Filesize
6.2MB

Download
memory/204-36-0x00007FFBDAF85000-0x00007FFBDAF86000-memory.dmp

Filesize
4KB

Download
memory/204-35-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-38-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-40-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-45-0x00007FFBDAEE0000-0x00007FFBDB0BB000-memory.dmp

Filesize
1.9MB

Download
memory/204-46-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-47-0x0000000140000000-0x000000014027E000-memory.dmp

Filesize
2.5MB

Download
memory/204-57-0x00007FFBDAEE0000-0x00007FFBDB0BB000-memory.dmp

Filesize
1.9MB

Download