snakebot | bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

bb6613a219...82.exe

windows7-x64

bb6613a219...82.exe

windows10-2004-x64

Sharing

General

Target

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe
Size

39.4MB
Sample

240128-lbc84sfgc6
MD5

41ebf2a8592555752b292eb79dcd4999
SHA1

9d545a5d5301be624d984cb9e5c548724d2469fa
SHA256

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82
SHA512

ede55bd5c9127b1dea72090678eb63974419c6db17267619a9216fc943878b5b7c2753442056f369f4fc7f8b71c0477e369011e894f1aee7488f532e7e9614e7
SSDEEP

786432:7AFxHgmsbPsgpFGhcmfQyHHY6asgYYj4xh7ITHLmujOcVD4:0PgmsbPs8HmIyArYI4DCKkO64

Score

10^/10

snakebot discovery snakebot

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe

Resource

win7-20231215-en

snakebot discovery snakebot

windows7-x64

19 signatures

300 seconds

Behavioral task

behavioral2

Sample

bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe

Resource

win10v2004-20231215-en

snakebot discovery snakebot

windows10-2004-x64

17 signatures

300 seconds

Malware Config

Targets

- Target
  
  bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82.exe
- Size
  
  39.4MB
- MD5
  
  41ebf2a8592555752b292eb79dcd4999
- SHA1
  
  9d545a5d5301be624d984cb9e5c548724d2469fa
- SHA256
  
  bb6613a2197d700f1de13071a51db4f39b89a49c644c5bae88f85beabdd6bb82
- SHA512
  
  ede55bd5c9127b1dea72090678eb63974419c6db17267619a9216fc943878b5b7c2753442056f369f4fc7f8b71c0477e369011e894f1aee7488f532e7e9614e7
- SSDEEP
  
  786432:7AFxHgmsbPsgpFGhcmfQyHHY6asgYYj4xh7ITHLmujOcVD4:0PgmsbPs8HmIyArYI4DCKkO64
Score

10^/10

snakebot discovery snakebot
- SnakeBOT
  SnakeBOT is a heavily obfuscated .NET downloader.
  snakebot
- Contains SnakeBOT related strings
  snakebot
- Downloads MZ/PE file
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

snakebotdiscoverysnakebot

behavioral2

snakebotdiscoverysnakebot

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.