Resubmissions

04-07-2024 06:50

240704-hlz9va1gld 7

26-09-2023 18:23

230926-w1zthsea33 10

General

  • Target

    undertalefree.exe

  • Size

    126.7MB

  • Sample

    230926-w1zthsea33

  • MD5

    69a1054bcf85084cc4bc33e332f1844d

  • SHA1

    a3db1a7c5a07ea07c31d40ab4c7685215ac4f170

  • SHA256

    21fbcab3c652d5af9efe57454d60d5a5057773e1c234ed16ae14233724502b44

  • SHA512

    f57df05d2d5db04cb48a1d72070ac5d76ae29620cca314817fbfbb30d42c2150115ac510acb216095115c210fe2eee80575ffc78a36fd455e72e4de9492b4f81

  • SSDEEP

    3145728:WSHIqNWvNc0rn+0fslfSob+5Framz9LQMj5jMgQN7:WytNAfcSob2NaoLQ+7c7

Targets

    • Target

      undertalefree.exe

    • SnakeBOT

      SnakeBOT is a heavily obfuscated .NET downloader.

    • Contains SnakeBOT related strings

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)
