Overview

overview

10

Static

static

3

Kamber.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Kamber.exe

  • Size

    7.6MB

  • Sample

    230107-c2gvjsce82

  • MD5

    79b9de646532617e787f340bb1cbdc10

  • SHA1

    5708a7e99172b31072b1dbda0f8be6dbe1a648e4

  • SHA256

    93bd2724f3cc25cc7c264990adc0e4152a871c647a7d963d00b81456b9e66020

  • SHA512

    fc24baecec2584915fbfade20801abdf725433bf5c436a0264b330e653bb9335678793d316390f58a852d216a3106ec59bf5011f39fe09a2066ca77eb08fb504

  • SSDEEP

    196608:N1EbGXpIJOICteEroXxCzlxZV3Gu5D4S26/XCfCS3e/J+91fR:nEPOInEroX414S2uyfCJ+Pp

Score
10/10
snakebotpyinstallersnakebot

Malware Config

Targets

    • Target

      Kamber.exe

    • Size

      7.6MB

    • MD5

      79b9de646532617e787f340bb1cbdc10

    • SHA1

      5708a7e99172b31072b1dbda0f8be6dbe1a648e4

    • SHA256

      93bd2724f3cc25cc7c264990adc0e4152a871c647a7d963d00b81456b9e66020

    • SHA512

      fc24baecec2584915fbfade20801abdf725433bf5c436a0264b330e653bb9335678793d316390f58a852d216a3106ec59bf5011f39fe09a2066ca77eb08fb504

    • SSDEEP

      196608:N1EbGXpIJOICteEroXxCzlxZV3Gu5D4S26/XCfCS3e/J+91fR:nEPOInEroX414S2uyfCJ+Pp

    Score
    10/10
    snakebotsnakebot

    • SnakeBOT

      SnakeBOT is a heavily obfuscated .NET downloader.

      snakebot

    • Contains SnakeBOT related strings

      snakebot

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks