saintbot | b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3 | Triage

Submit
Reports

Overview

overview

Static

static

3

b6e34665dd...b3.exe

windows7-x64

b6e34665dd...b3.exe

windows10-2004-x64

Sharing

General

Target

b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3
Size

286KB
Sample

240410-q12efshg26
MD5

ae37c9bfa13df2a6353039fe6e7a54e7
SHA1

c99c15bd925d9364b5101f490bdcb05e3227b2cf
SHA256

b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3
SHA512

e3479b662caac02be072fcec2ac1bba54c3a0a2d78df62d747708f42fc67f8cabe1242180bee744895e1f24506c03bfda337e37e080ee7bb3e44e77de451fdde
SSDEEP

6144:z8VeNC4tR5LRKate2VeurF6sdLDpvadak:z8VyC4lFKZ2VlpHaYk

Score

10^/10

saintbot discovery dropper persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3.exe

Resource

win7-20240221-en

saintbot discovery dropper

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3.exe

Resource

win10v2004-20240226-en

saintbot discovery dropper persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3
- Size
  
  286KB
- MD5
  
  ae37c9bfa13df2a6353039fe6e7a54e7
- SHA1
  
  c99c15bd925d9364b5101f490bdcb05e3227b2cf
- SHA256
  
  b6e34665dd0d045c2c79bf3148f34da0b877514a6b083b7c8c7e2577362463b3
- SHA512
  
  e3479b662caac02be072fcec2ac1bba54c3a0a2d78df62d747708f42fc67f8cabe1242180bee744895e1f24506c03bfda337e37e080ee7bb3e44e77de451fdde
- SSDEEP
  
  6144:z8VeNC4tR5LRKate2VeurF6sdLDpvadak:z8VyC4lFKZ2VlpHaYk
Score

10^/10

saintbot discovery dropper persistence
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

saintbotdiscoverydropper

behavioral2

saintbotdiscoverydropperpersistence

© 2018-2024

Terms | Privacy