General

  • Target

    e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c

  • Size

    30KB

  • Sample

    240410-r3x1gsbe86

  • MD5

    ab2a92e0fc5a6f63336e442f34089f16

  • SHA1

    24f71409bde9d01e3519236e66f3452236302e46

  • SHA256

    e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c

  • SHA512

    50a7e2d4454bd3914cf55fe188f920e08b895c16b9eee498aea2cb71944caf3a3c1266d3b73046179412fd996dfaf48f03fdb39d5662310aa7859faa29d7970e

  • SSDEEP

    768:I9PbKQ0paZvZFH5v5D8umAuHr+EGsmHDHh7ow8JEW9fkG5Qrhb9wF/nACkh8o2:UPbQcZvZFtBGLKDB7o/o2

Malware Config

Targets

    • Target

      e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c

    • Size

      30KB

    • MD5

      ab2a92e0fc5a6f63336e442f34089f16

    • SHA1

      24f71409bde9d01e3519236e66f3452236302e46

    • SHA256

      e8207e8c31a8613112223d126d4f12e7a5f8caf4acaaf40834302ce49f37cc9c

    • SHA512

      50a7e2d4454bd3914cf55fe188f920e08b895c16b9eee498aea2cb71944caf3a3c1266d3b73046179412fd996dfaf48f03fdb39d5662310aa7859faa29d7970e

    • SSDEEP

      768:I9PbKQ0paZvZFH5v5D8umAuHr+EGsmHDHh7ow8JEW9fkG5Qrhb9wF/nACkh8o2:UPbQcZvZFtBGLKDB7o/o2

    • SaintBot

      Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.

    • SaintBot payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks