saintbot | 50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58 | Triage

Submit
Reports

Overview

overview

Static

static

50d95caf72...58.exe

windows7_x64

9

50d95caf72...58.exe

windows10-2004_x64

Sharing

General

Target

50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58
Size

876KB
Sample

220310-xb7cqsaba2
MD5

c56f66280de5fe29f75e72525ac54fe1
SHA1

79928f9c7ed0cea9850bf98db365ee59371399e3
SHA256

50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58
SHA512

f65bdfd1e58440ed6febb95b07d5a8e9afafe28a322ae78fa79228be5a9ae48e6064c8d304d8008eb4d3b8d468a5c9f1162dd1e0eb47d43daa018dee864b995e

Score

10^/10

saintbot discovery dropper evasion

Static task

static1

Behavioral task

behavioral1

Sample

50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58.exe

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58.exe

Resource

win10v2004-en-20220112

saintbot discovery dropper evasion

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58
- Size
  
  876KB
- MD5
  
  c56f66280de5fe29f75e72525ac54fe1
- SHA1
  
  79928f9c7ed0cea9850bf98db365ee59371399e3
- SHA256
  
  50d95caf72714020836b397fbbbb75e01a5732114bcd51aeae9e36d12b93ed58
- SHA512
  
  f65bdfd1e58440ed6febb95b07d5a8e9afafe28a322ae78fa79228be5a9ae48e6064c8d304d8008eb4d3b8d468a5c9f1162dd1e0eb47d43daa018dee864b995e
Score

10^/10

saintbot discovery dropper evasion
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot Payload
- Nirsoft
- Executes dropped EXE
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

saintbotdiscoverydropperevasion

© 2018-2024

Terms | Privacy