Overview

overview

10

Static

static

1

setup_unde...8).exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    setup_undertale_1.08_(18328).exe

  • Size

    126.7MB

  • Sample

    230729-3jewcagb7t

  • MD5

    69a1054bcf85084cc4bc33e332f1844d

  • SHA1

    a3db1a7c5a07ea07c31d40ab4c7685215ac4f170

  • SHA256

    21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

  • SHA512

    f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81

  • SSDEEP

    3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

Score
10/10
snakebotdiscoverysnakebot

Malware Config

Targets

    • Target

      setup_undertale_1.08_(18328).exe

    • Size

      126.7MB

    • MD5

      69a1054bcf85084cc4bc33e332f1844d

    • SHA1

      a3db1a7c5a07ea07c31d40ab4c7685215ac4f170

    • SHA256

      21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

    • SHA512

      f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81

    • SSDEEP

      3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

    Score
    10/10
    snakebotdiscoverysnakebot

    • SnakeBOT

      SnakeBOT is a heavily obfuscated .NET downloader.

      snakebot

    • Contains SnakeBOT related strings

      snakebot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks