saintbot | 75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d | Triage

Submit
Reports

Overview

overview

Static

static

1

75f728fa69...2d.exe

windows7-x64

75f728fa69...2d.exe

windows10-2004-x64

7

Sharing

General

Target

75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d
Size

600KB
Sample

240410-n26pfshh51
MD5

363e2b62f93c58c177e58dbe0a247fa0
SHA1

e8abab85ccbaf646305aa5a786c0894d59bdcfd1
SHA256

75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d
SHA512

167734875f50d7e5cfa2ea8515b492d6ad18c5bc9ba881bbde520f0d0b79300af61c5bb42860fb613348933415d0518933d41e50ae837a8d5796d50b533932a3
SSDEEP

12288:hG5zC9ttHHIE8GlfXsIY8yMCa5XfP1D4+AAg6O:YcBDlPS8yM3XSmgZ

Score

10^/10

saintbot discovery dropper

Static task

static1

Behavioral task

behavioral1

Sample

75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d.exe

Resource

win7-20240220-en

saintbot discovery dropper

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d
- Size
  
  600KB
- MD5
  
  363e2b62f93c58c177e58dbe0a247fa0
- SHA1
  
  e8abab85ccbaf646305aa5a786c0894d59bdcfd1
- SHA256
  
  75f728fa692347e096386acd19a5da9b02dca372b66918be7171c522d9c6b42d
- SHA512
  
  167734875f50d7e5cfa2ea8515b492d6ad18c5bc9ba881bbde520f0d0b79300af61c5bb42860fb613348933415d0518933d41e50ae837a8d5796d50b533932a3
- SSDEEP
  
  12288:hG5zC9ttHHIE8GlfXsIY8yMCa5XfP1D4+AAg6O:YcBDlPS8yM3XSmgZ
Score

10^/10

saintbot discovery dropper
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot payload
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

saintbotdiscoverydropper

behavioral2

© 2018-2024

Terms | Privacy