ps1.sload

sLoad

aka: Starslord

sLoad is a PowerShell downloader that most frequently delivers the Ramnit banking trojan and includes noteworthy reconnaissance features. The malware gathers information about the infected system, including a list of running processes, the presence of Outlook, and the presence of Citrix-related files. sLoad can also take screenshots, check the DNS cache for specific domains (e.g., targeted banks), and load external binaries.

References
2021-06-21 — Minerva Labs — Minerva Labs
@online{labs:20210621:sload:523f242, author = {Minerva Labs}, title = {{Sload Targeting Europe Again}}, date = {2021-06-21}, organization = {Minerva Labs}, url = {https://blog.minerva-labs.com/sload-targeting-europe-again}, language = {English}, urldate = {2021-06-22} } Sload Targeting Europe Again
sLoad
2020-10-28 — Bitdefender — Ruben Andrei Condor
@techreport{condor:20201028:decade:b8d7422, author = {Ruben Andrei Condor}, title = {{A Decade of WMI Abuse – an Overview of Techniques in Modern Malware}}, date = {2020-10-28}, institution = {Bitdefender}, url = {https://www.bitdefender.com/files/News/CaseStudies/study/377/Bitdefender-Whitepaper-WMI-creat4871-en-EN-GenericUse.pdf}, language = {English}, urldate = {2020-11-02} } A Decade of WMI Abuse – an Overview of Techniques in Modern Malware
sLoad, Emotet, Maze
2020-07-13 — Cert-AgID — Cert-AgID
@online{certagid:20200713:campagna:1da46a9, author = {Cert-AgID}, title = {{Campagna sLoad v.2.9.3 veicolata via PEC}}, date = {2020-07-13}, organization = {Cert-AgID}, url = {https://cert-agid.gov.it/news/campagna-sload-v-2-9-3-veicolata-via-pec/}, language = {Italian}, urldate = {2020-07-15} } Campagna sLoad v.2.9.3 veicolata via PEC
sLoad
2020-03-10 — Cert-Pa — Cert-PA
@online{certpa:20200310:campagna:dac7559, author = {Cert-PA}, title = {{Campagna sLoad “Star Wars Edition” veicolata via PEC}}, date = {2020-03-10}, organization = {Cert-Pa}, url = {https://www.cert-pa.it/notizie/campagna-sload-star-wars-edition-veicolata-via-pec/}, language = {Italian}, urldate = {2020-03-11} } Campagna sLoad “Star Wars Edition” veicolata via PEC
sLoad
2020-01-21 — Microsoft — Microsoft Defender ATP Research Team
@online{team:20200121:sload:2a2962b, author = {Microsoft Defender ATP Research Team}, title = {{sLoad launches version 2.0, Starslord}}, date = {2020-01-21}, organization = {Microsoft}, url = {https://www.microsoft.com/security/blog/2020/01/21/sload-launches-version-2-0-starslord/}, language = {English}, urldate = {2020-01-22} } sLoad launches version 2.0, Starslord
sLoad
2019-12-13 — Threatpost — Tara Seals
@online{seals:20191213:elegant:f43d1ed, author = {Tara Seals}, title = {{Elegant sLoad Carries Out Spying, Payload Delivery in BITS}}, date = {2019-12-13}, organization = {Threatpost}, url = {https://threatpost.com/sload-spying-payload-delivery-bits/151120/}, language = {English}, urldate = {2020-01-06} } Elegant sLoad Carries Out Spying, Payload Delivery in BITS
sLoad
2019-01-03 — Cybereason — Eli Salem, Lior Rochberger, Niv Yona
@online{salem:20190103:lolbins:08f0a5f, author = {Eli Salem and Lior Rochberger and Niv Yona}, title = {{LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack}}, date = {2019-01-03}, organization = {Cybereason}, url = {https://www.cybereason.com/blog/banking-trojan-delivered-by-lolbins-ramnit-trojan}, language = {English}, urldate = {2020-01-06} } LOLbins and trojans: How the Ramnit Trojan spreads via sLoad in a cyberattack
sLoad
2018-11-27 — Yoroi — ZLAB-Yoroi
@online{zlabyoroi:20181127:sload:0540bde, author = {ZLAB-Yoroi}, title = {{The SLoad Powershell Threat is Expanding to Italy}}, date = {2018-11-27}, organization = {Yoroi}, url = {https://blog.yoroi.company/research/the-sload-powershell-threat-is-expanding-to-italy/}, language = {English}, urldate = {2019-11-29} } The SLoad Powershell Threat is Expanding to Italy
sLoad
2018-11-23 — Certego — Matteo Lodi
@online{lodi:20181123:sload:28fb962, author = {Matteo Lodi}, title = {{Sload hits Italy. Unveil the power of powershell as a downloader}}, date = {2018-11-23}, organization = {Certego}, url = {https://www.certego.net/en/news/sload-hits-italy-unveil-the-power-of-powershell-as-a-downloader/}, language = {English}, urldate = {2020-01-13} } Sload hits Italy. Unveil the power of powershell as a downloader
sLoad
2018-10-25 — Sophia Brown
@online{brown:20181025:new:7234825, author = {Sophia Brown}, title = {{New sLoad malware downloader being leveraged by APT group TA554 to spread Ramnit}}, date = {2018-10-25}, url = {https://cyware.com/news/new-sload-malware-downloader-being-leveraged-by-apt-group-ta554-to-spread-ramnit-7d03f2d9}, language = {English}, urldate = {2019-11-22} } New sLoad malware downloader being leveraged by APT group TA554 to spread Ramnit
sLoad
2018-10-23 — Proofpoint — Proofpoint Staff
@online{staff:20181023:sload:b4e25c6, author = {Proofpoint Staff}, title = {{sLoad and Ramnit pairing in sustained campaigns against UK and Italy}}, date = {2018-10-23}, organization = {Proofpoint}, url = {https://www.proofpoint.com/us/threat-insight/post/sload-and-ramnit-pairing-sustained-campaigns-against-uk-and-italy}, language = {English}, urldate = {2019-12-20} } sLoad and Ramnit pairing in sustained campaigns against UK and Italy
sLoad
2018-08-05 — Vitali Kremez Blog — Vitali Kremez
@online{kremez:20180805:lets:489101d, author = {Vitali Kremez}, title = {{Let's Learn: Diving into the Latest "Ramnit" Banker Malware via "sLoad" PowerShell}}, date = {2018-08-05}, organization = {Vitali Kremez Blog}, url = {https://www.vkremez.com/2018/08/lets-learn-in-depth-into-latest-ramnit.html}, language = {English}, urldate = {2020-01-10} } Let's Learn: Diving into the Latest "Ramnit" Banker Malware via "sLoad" PowerShell
sLoad
2018-05-19 — Xavier Mertens
@online{mertens:20180519:malicious:85c0a91, author = {Xavier Mertens}, title = {{Malicious Powershell Targeting UK Bank Customers}}, date = {2018-05-19}, url = {https://isc.sans.edu/forums/diary/Malicious+Powershell+Targeting+UK+Bank+Customers/23675/}, language = {English}, urldate = {2020-01-13} } Malicious Powershell Targeting UK Bank Customers
sLoad

There is no YARA signature yet.