saintbot | a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a | Triage

Submit
Reports

Overview

overview

Static

static

3

a61725f3b5...7a.exe

windows7-x64

a61725f3b5...7a.exe

windows10-2004-x64

Sharing

General

Target

a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a
Size

225KB
Sample

240410-qfkafaca3w
MD5

3b6f68801cade1cd388138500fd8e986
SHA1

9bc818e0e6ef9aaafb02065800a97d8bd98ee76d
SHA256

a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a
SHA512

f2931a7871491f580b94ee7dc1f0d24b50cce1464b92100b21ff3adadf15e64864b34da00bbe0709e7f0f50316fd79ef2edacd5842b16e20407634c6c514fcbe
SSDEEP

3072:5wA6vA3hLwgXQKXStY70rmSFFXJicCdmWSMXg+j5HlZhUW+gDAR:z3hLRXQKitY7GFFxCdm+9DUWF

Score

10^/10

saintbot discovery dropper

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a.exe

Resource

win7-20240221-en

saintbot discovery dropper

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a.exe

Resource

win10v2004-20240226-en

saintbot discovery dropper

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a
- Size
  
  225KB
- MD5
  
  3b6f68801cade1cd388138500fd8e986
- SHA1
  
  9bc818e0e6ef9aaafb02065800a97d8bd98ee76d
- SHA256
  
  a61725f3b57fd45487688ad06f152d0db139a6cb29f3515ea90ffe15cb7e9a7a
- SHA512
  
  f2931a7871491f580b94ee7dc1f0d24b50cce1464b92100b21ff3adadf15e64864b34da00bbe0709e7f0f50316fd79ef2edacd5842b16e20407634c6c514fcbe
- SSDEEP
  
  3072:5wA6vA3hLwgXQKXStY70rmSFFXJicCdmWSMXg+j5HlZhUW+gDAR:z3hLRXQKitY7GFFxCdm+9DUWF
Score

10^/10

saintbot discovery dropper
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

saintbotdiscoverydropper

behavioral2

saintbotdiscoverydropper

© 2018-2024

Terms | Privacy