General
Target: spotify no ads.zip
Size: 396KB
Sample: 240701-bsd7masard
MD5: 16403509ed0d601121fa0a073552df09
SHA1: 1f4efc9b38c02e4e1b905d101ffe5a3b6c2ad4d6
SHA256: a3d66398045b5d0e1af48194f591bfb0cd2a2b51ddf2fbd93def502c6a0d989b
SHA512: 391f83855a0efc08b731b36eec23b2dd82a5b75885741c34eec8519bc0342a13be2de0b7af5b46d56117320f50c6e7131254992dcba45e33547af59df79f5151
SSDEEP: 12288:IhM7XABSBp/D2yvP7gvgxel5Viux5PJkD:qM7XAOCeCgOiq5RkD

Static task: static1

Behavioral task: behavioral1
Sample: New folder/Install_Auto.bat
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: New folder/Install_Auto.bat
Resource: win10v2004-20240611-en

Behavioral task: behavioral3
Sample: New folder/SpotifySetup.exe
Resource: win7-20240508-en

Behavioral task: behavioral4
Sample: New folder/SpotifySetup.exe
Resource: win10v2004-20240611-en

Malware Config
Targets

Target: New folder/Install_Auto.bat
Size: 481B
MD5: 4a2fc5b639477dd1c96cd75e09638a57
SHA1: f9bf0cd572a26b0f3cb150952f28dee107699b87
SHA256: 50159f10ba5ff9bd70a553acd689f26bd980555c2d9cdb68f42b5f3d3b7fd351
SHA512: 8bf2924c22645931f270b4ef7d41897cdbb9eb8df26f6d9e973acd7be6a2739bb9ac061124fe8bc3b9cfe7910e86c9b99545fda24b80f6f5b4b3c943e7662e0f
Score: 8/10
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2

Target: New folder/SpotifySetup.exe
Size: 996KB
MD5: ad3a0720f1f13cee556c39d0574b77cb
SHA1: bce0681ba0026958c72e54b9c2945e158cdc4f79
SHA256: e7d41f1cfb052067da58c21e81033381b372df8645983a7e29132fbad0677a0c
SHA512: f9ba750e14490ba39c587cc6db6551728b473d95bf4eb38a5aa271dcd298554c12d95035f3354caf379f67f23af6959bbe937340656de26149900e8297fe2307
SSDEEP: 12288:xR4iEp29TvYnr9KIV9CJ8I/Ec3AqKhrHnLtvg1lkQPjO7PmsZ:o29byKC9CJ8I/ESKhvtSpK7PmsZ
Score: 6/10
- Adds Run key to start application
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.