saintbot | 91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94 | Triage

Submit
Reports

Overview

overview

Static

static

91f0ea31d9...94.exe

windows7_x64

8

91f0ea31d9...94.exe

windows10-2004_x64

Sharing

General

Target

91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94
Size

181KB
Sample

220306-wjcyesdcf3
MD5

a115d8a1ec2c5e1a95de6e5174234620
SHA1

488b8136823221cedf7749ebd27a296441d022f6
SHA256

91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94
SHA512

983457e5de16fb9d5bbb0e4629aac76b08057da5d3742b644f4e9ac4f96f56f83532a0155f39d14b0e4254b7b8c95e94b38ffe08f9fca958d511118bdae8923c

Score

10^/10

saintbot discovery dropper persistence

Static task

static1

Behavioral task

behavioral1

Sample

91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94.exe

Resource

win7-20220223-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94.exe

Resource

win10v2004-en-20220113

saintbot discovery dropper persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94
- Size
  
  181KB
- MD5
  
  a115d8a1ec2c5e1a95de6e5174234620
- SHA1
  
  488b8136823221cedf7749ebd27a296441d022f6
- SHA256
  
  91f0ea31d908f46e89dcc0257c517c876194f9688fd9a2d5b2f9e82074ce0f94
- SHA512
  
  983457e5de16fb9d5bbb0e4629aac76b08057da5d3742b644f4e9ac4f96f56f83532a0155f39d14b0e4254b7b8c95e94b38ffe08f9fca958d511118bdae8923c
Score

10^/10

saintbot discovery dropper persistence
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

saintbotdiscoverydropperpersistence

© 2018-2024

Terms | Privacy