sLoad
Description
(Proofpoint) sLoad is also written in PowerShell. At the time of this writing, the latest version of sLoad was 5.07b, which we will analyze here. It includes noteworthy features such as:
- Collection of information to report to the C&C server that includes:
  - A list of running processes
  - Presence of .ICA files on the system (likely Citrix-related)
  - Whether an Outlook folder is present on the system
  - Additional reconnaissance data
- The ability to take screenshots
- Checking the DNS cache for specific domains (e.g., targeted banks)
- Loading external binaries
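A hunting heuristic for the reconnaissance behaviours listed above, added here as an example for this card; it is not from Proofpoint's analysis and not sLoad's own code. It scores PowerShell Script Block Logging text (Event ID 4104) by how many of the listed behaviour categories appear together in a single script block. The command patterns are assumptions: they are the ordinary PowerShell and .NET ways of doing each action, not what sLoad actually calls, and the sample events are constructed, not real telemetry.

```python
"""Hunting heuristic for sLoad-style PowerShell reconnaissance.

Scores PowerShell Script Block Logging text (Event ID 4104) against the
behaviour categories in the description above. The command patterns are
the usual PowerShell/.NET ways to do each action and are assumptions for
hunting, not sLoad's actual code. Sample events below are constructed.
"""
import re

RECON_PATTERNS = {
    # list of running processes
    "process_list": re.compile(r"\bGet-Process\b|\btasklist(\.exe)?\b|Win32_Process", re.I),
    # looks for Citrix .ICA files on disk
    "ica_files": re.compile(r"\.ica\b", re.I),
    # checks whether an Outlook folder exists
    "outlook_folder": re.compile(r"Test-Path[^\r\n]*Outlook|\\Outlook\\", re.I),
    # screenshot via .NET GDI+
    "screenshot": re.compile(r"CopyFromScreen|System\.Drawing\.Bitmap", re.I),
    # DNS cache inspection (e.g. for targeted bank domains)
    "dns_cache": re.compile(r"Get-DnsClientCache|ipconfig(\.exe)?\s+/displaydns", re.I),
    # fetches or loads an external binary
    "external_binary": re.compile(
        r"DownloadFile|DownloadString|Invoke-WebRequest|\[Reflection\.Assembly\]::Load", re.I
    ),
}


def recon_categories(script_text):
    """Return the set of behaviour categories present in one script block."""
    return {name for name, rx in RECON_PATTERNS.items() if rx.search(script_text)}


def hunt(events, threshold=3):
    """Flag script blocks that combine at least `threshold` categories.

    events: iterable of dicts with 'id' and 'text' (the ScriptBlockText field).
    Returns a list of (id, sorted category names) for flagged events.
    """
    hits = []
    for ev in events:
        cats = recon_categories(ev["text"])
        if len(cats) >= threshold:
            hits.append((ev["id"], sorted(cats)))
    return hits


# Constructed sample 4104 script blocks (not real sLoad, not real telemetry).
SAMPLE_EVENTS = [
    # benign housekeeping: should not be flagged
    {"id": 1, "text": "Get-ChildItem C:\\Windows\\Temp | Remove-Item -Force"},
    # one block doing process list, .ICA search, Outlook check, DNS cache
    # inspection and a binary download: should be flagged
    {"id": 2, "text": (
        "$p = (Get-Process | Select-Object -ExpandProperty Name) -join ',';"
        "$i = (Get-ChildItem -Path C:\\Users -Recurse -Include *.ica -ErrorAction SilentlyContinue).Count;"
        "$o = Test-Path \"$env:LOCALAPPDATA\\Microsoft\\Outlook\";"
        "$d = ipconfig /displaydns | Select-String 'bank';"
        "(New-Object Net.WebClient).DownloadFile($u, \"$env:TEMP\\x.exe\")"
    )},
    # admin troubleshooting: one category only, below the threshold
    {"id": 3, "text": "Get-Process | Where-Object CPU -gt 100 | Sort-Object CPU"},
]

if __name__ == "__main__":
    for event_id, cats in hunt(SAMPLE_EVENTS):
        print(f"event {event_id}: {', '.join(cats)}")
```

Any single pattern here (a `Get-Process`, a `DownloadFile`) is routine in admin scripts; the signal is several of the listed behaviours appearing in one script block, which is why the heuristic counts categories rather than matching any one of them. Tune the threshold and patterns against your own environment's baseline of 4104 events.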
Names
| Name |
|---|
| sLoad |
| StarsLord |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Banking trojan
- Info stealer
- Downloader
Information
- https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy
- https://threatpost.com/sload-malware-revamped-starslord-l-features/152084/
- https://cyware.com/news/new-sload-malware-downloader-being-leveraged-by-apt-group-ta554-to-spread-ramnit-7d03f2d9
- https://isc.sans.edu/forums/diary/Malicious+Powershell+Targeting+UK+Bank+Customers/23675/
- https://blog.yoroi.company/research/the-sload-powershell-threat-is-expanding-to-italy/
- https://www.cybereason.com/blog/banking-trojan-delivered-by-lolbins-ramnit-trojan
Malpedia
Other Information
Uuid
02ef4587-9f94-4cfd-869a-7bebeb283516
Last Card Change
2020-05-13