General
-
Target
b1af67bcfaa99c369960580f86e7c1a42fc473dd85a0a4d3b1c989a6bc138a42
-
Size
269KB
-
Sample
220228-dqzfwsedfn
-
MD5
e640bdb76d7b30cb9ca9250d5b6631e3
-
SHA1
0540792efa9eb7ecdcfce3340dc0be1204c1e8c8
-
SHA256
b1af67bcfaa99c369960580f86e7c1a42fc473dd85a0a4d3b1c989a6bc138a42
-
SHA512
0d9bbc8f82a212cbb92595f2d5e7e4e1bab00061286f04441dce4c383827e3d55a60afee4e1d52b2af4ded201c5c54c046a4065ca055cfa1448b807a4a4a2034
Malware Config
Targets
-
-
Target
b1af67bcfaa99c369960580f86e7c1a42fc473dd85a0a4d3b1c989a6bc138a42
-
Size
269KB
-
MD5
e640bdb76d7b30cb9ca9250d5b6631e3
-
SHA1
0540792efa9eb7ecdcfce3340dc0be1204c1e8c8
-
SHA256
b1af67bcfaa99c369960580f86e7c1a42fc473dd85a0a4d3b1c989a6bc138a42
-
SHA512
0d9bbc8f82a212cbb92595f2d5e7e4e1bab00061286f04441dce4c383827e3d55a60afee4e1d52b2af4ded201c5c54c046a4065ca055cfa1448b807a4a4a2034
Score10/10-
SaintBot
Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
-
SaintBot Payload
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
suricata: ET MALWARE Saint Bot CnC Activity
suricata: ET MALWARE Saint Bot CnC Activity
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory
-