snakebot

General

Target

script.bat
Size

58B
Sample

231102-dts4aaff5t
MD5

0ee707c240e98ab4c3e14f76a5d6d107
SHA1

34cb86eaaca7d7da1532d193bd8d27b75fdf34ee
SHA256

2af962ad399e4fb17c59924ca84653c7044dd779f4e9e907813fced175b6611e
SHA512

147444ea1708ca7e8477ff64a63cc21741d79b58046d3b10a2720f369719f505b9c3f5bee58d08a477a016c07d96d3d7c36f3b330a9a67f381e07762a096c4ed

Score

10^/10

Malware Config

Targets

- Target
  
  script.bat
- Size
  
  58B
- MD5
  
  0ee707c240e98ab4c3e14f76a5d6d107
- SHA1
  
  34cb86eaaca7d7da1532d193bd8d27b75fdf34ee
- SHA256
  
  2af962ad399e4fb17c59924ca84653c7044dd779f4e9e907813fced175b6611e
- SHA512
  
  147444ea1708ca7e8477ff64a63cc21741d79b58046d3b10a2720f369719f505b9c3f5bee58d08a477a016c07d96d3d7c36f3b330a9a67f381e07762a096c4ed
Score

10^/10

snakebot discovery evasion persistence pyinstaller ransomware snakebot spyware stealer
- SnakeBOT
  SnakeBOT is a heavily obfuscated .NET downloader.
  snakebot
- Checks for common network interception software
  Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
  evasion
- Contains SnakeBOT related strings
  snakebot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1