General

  • Target

    a7913461e211158d5ac34ac3bd06bc7b_JaffaCakes118

  • Size

    501KB

  • Sample

    240818-v21lrsydjm

  • MD5

    a7913461e211158d5ac34ac3bd06bc7b

  • SHA1

    71c3f7a9eac34b0b5ccd5ec2df01f9c95f14235b

  • SHA256

    5fc108db5114be4174cb9365f86a17e25164a05cc1e90ef9ee29ab30abed3a13

  • SHA512

    8107feec4426f820d3910e35d6e3c1a1aa85a104231a0529f7fcd825f2dfec10fbf856bc2b37c585a34f5d03b514ece7f54b600add6fb668cda0c7d1a7374e04

  • SSDEEP

    6144:9moTTLsn36PcB1jtNSHoLR0XbZEpGidU7H6MFkc6iTISTas6oe2wgaMzHXDvVGLn:EoFPoJ3Su0lEpGiexs6asFPw2zvVe

Malware Config

Targets

    • SaintBot

      Saint Bot is a malware dropper being used to deliver secondary payloads such as information stealers.

    • SaintBot payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
