snakebot | 43bfa95bb6e99ca03c8fedd1c8f5c7ed628dd41601dbd5a5b60be3963b166387 | Triage

Submit
Reports

Overview

overview

Static

static

Flashpoint...ty.exe

windows10-2004-x64

Resubmissions

18-09-2022 03:22

220918-dxcwgaefbp 10

18-09-2022 03:10

220918-dn17psefar 3

Sharing

General

Target

Flashpoint 11 Infinity.exe
Size

790.3MB
Sample

220918-dxcwgaefbp
MD5

7555a9bcf4b2b389ecfe8b62312a4ba7
SHA1

cd6e87fc5bf5396d9d516d1f0d46f0597f043508
SHA256

43bfa95bb6e99ca03c8fedd1c8f5c7ed628dd41601dbd5a5b60be3963b166387
SHA512

774a75f0f950629fa4879866b76847ffcb877e5f35acc98b099cb40c235dc2f346ac3d696ab323f9dab84bd819b9b26b817dc5533a35f1c97a541d3c8b927ca8
SSDEEP

25165824:tXei5Jq4g/AXakUEsOcYqHuzF+PS5/5f3LkMy:tXNc4PFoHuJOu/5f3LDy

Score

10^/10

snakebot zloader botnet persistence snakebot trojan

Static task

static1

Behavioral task

behavioral1

Sample

Flashpoint 11 Infinity.exe

Resource

win10v2004-20220812-en

snakebot zloader botnet persistence snakebot trojan

windows10-2004-x64

25 signatures

1200 seconds

Malware Config

Targets

- Target
  
  Flashpoint 11 Infinity.exe
- Size
  
  790.3MB
- MD5
  
  7555a9bcf4b2b389ecfe8b62312a4ba7
- SHA1
  
  cd6e87fc5bf5396d9d516d1f0d46f0597f043508
- SHA256
  
  43bfa95bb6e99ca03c8fedd1c8f5c7ed628dd41601dbd5a5b60be3963b166387
- SHA512
  
  774a75f0f950629fa4879866b76847ffcb877e5f35acc98b099cb40c235dc2f346ac3d696ab323f9dab84bd819b9b26b817dc5533a35f1c97a541d3c8b927ca8
- SSDEEP
  
  25165824:tXei5Jq4g/AXakUEsOcYqHuzF+PS5/5f3LkMy:tXNc4PFoHuJOu/5f3LDy
Score

10^/10

snakebot zloader botnet persistence snakebot trojan
- SnakeBOT
  SnakeBOT is a heavily obfuscated .NET downloader.
  snakebot
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Contains SnakeBOT related strings
  snakebot
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakebotzloaderbotnetpersistencesnakebottrojan

© 2018-2025

Terms | Privacy