saintbot | 4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4 | Triage

Submit
Reports

Overview

overview

Static

static

3

4715a5009d...c4.exe

windows7-x64

4715a5009d...c4.exe

windows10-2004-x64

Sharing

General

Target

4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4
Size

493KB
Sample

240410-msb8tafh3s
MD5

eb332fd9cc8be8e6a60d4ff9c5f5fcf7
SHA1

e18df098c2fcb6a3961c310fdde58106e07ef9c0
SHA256

4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4
SHA512

6557930a1f572627d378a38137ceb852221f9363e881cfe09396c8a0bdb181834b269d9594b30404c77b79f91b73348fe0dbab99263d29821fa2ce432108d3c7
SSDEEP

12288:BuhtvdReEyemChwq/AIIS+EtqgqgPxrbjitolNHISFjZ:obPAIIS+3N

Score

10^/10

saintbot discovery dropper persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4.exe

Resource

win7-20240221-en

saintbot dropper

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4.exe

Resource

win10v2004-20240226-en

saintbot discovery dropper persistence

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4
- Size
  
  493KB
- MD5
  
  eb332fd9cc8be8e6a60d4ff9c5f5fcf7
- SHA1
  
  e18df098c2fcb6a3961c310fdde58106e07ef9c0
- SHA256
  
  4715a5009de403edd2dd480cf5c78531ee937381f2e69e0fb265b2e9f81f15c4
- SHA512
  
  6557930a1f572627d378a38137ceb852221f9363e881cfe09396c8a0bdb181834b269d9594b30404c77b79f91b73348fe0dbab99263d29821fa2ce432108d3c7
- SSDEEP
  
  12288:BuhtvdReEyemChwq/AIIS+EtqgqgPxrbjitolNHISFjZ:obPAIIS+3N
Score

10^/10

saintbot dropper discovery persistence
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

saintbotdropper

behavioral2

saintbotdiscoverydropperpersistence

© 2018-2024

Terms | Privacy