saintbot | c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a | Triage

Submit
Reports

Overview

overview

Static

static

3

c33a905e51...4a.exe

windows7-x64

c33a905e51...4a.exe

windows10-2004-x64

Sharing

General

Target

c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a
Size

224KB
Sample

240410-rb57saac54
MD5

9ae3d8ba1311af690523aeb2e69bb469
SHA1

1357dbf294817122b1e193762fb3d66a5d73e651
SHA256

c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a
SHA512

039c76556071c1d1e86fd344f671a6ff76eea067a18b8b90d9cb1c6334bd63e64a9bf19846daf2f1e5006b331f641d65162d946c85ee0e37c510ac52c5973f61
SSDEEP

3072:swA6vA1Cs1gm6LL0hX+t4cD1/JiwiX9nyntWyj5KLHXd6Buo3:i1Csam6LohX+t1yX9nMm3dpo

Score

10^/10

saintbot discovery dropper

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a.exe

Resource

win7-20240319-en

saintbot dropper

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a.exe

Resource

win10v2004-20240226-en

saintbot discovery dropper

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a
- Size
  
  224KB
- MD5
  
  9ae3d8ba1311af690523aeb2e69bb469
- SHA1
  
  1357dbf294817122b1e193762fb3d66a5d73e651
- SHA256
  
  c33a905e513005cee9071ed10933b8e6a11be2335755660e3f7b2adf554f704a
- SHA512
  
  039c76556071c1d1e86fd344f671a6ff76eea067a18b8b90d9cb1c6334bd63e64a9bf19846daf2f1e5006b331f641d65162d946c85ee0e37c510ac52c5973f61
- SSDEEP
  
  3072:swA6vA1Cs1gm6LL0hX+t4cD1/JiwiX9nyntWyj5KLHXd6Buo3:i1Csam6LohX+t1yX9nMm3dpo
Score

10^/10

saintbot dropper discovery
- SaintBot
  Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.
  dropper saintbot
- SaintBot payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

saintbotdropper

behavioral2

saintbotdiscoverydropper

© 2018-2024

Terms | Privacy