81c05296fec1e8708fb461d88c5d51567d12e83539119e2fb5255ec7feccc8f1 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Spotify 1....up.exe

windows7-x64

9

Spotify 1....up.exe

windows10-2004-x64

9

Sharing

General

Target

Spotify 1.1.90.859.zip
Size

2.9MB
Sample

220820-z966qsbdc8
MD5

c6081ae57007b312391b222ab244c5c0
SHA1

2f8eb1a698a37dd6c5b97b5ba9c8bf8518c9a083
SHA256

81c05296fec1e8708fb461d88c5d51567d12e83539119e2fb5255ec7feccc8f1
SHA512

128442e464c4f83a49c429242113ef6eca1dc721d7b019e9d328877f8283d2fb08b06be43dc5592c53212722e1376b0ba0b22cf9ebb774e826e6042f72b7a169
SSDEEP

49152:R/HvZcKgagq1xbtvFMxzlAgzqN/nME1YAfUoJyR6B/c9L:R/HKKga5Pbt8zlAgzGME1YAFYOkL

Score

9^/10

evasion themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Spotify 1.1.90.859/Setup.exe

Resource

win7-20220812-en

evasion themida trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Spotify 1.1.90.859/Setup.exe

Resource

win10v2004-20220812-en

evasion themida trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  Spotify 1.1.90.859/Setup.exe
- Size
  
  394.2MB
- MD5
  
  41333aee20ae82b2b27a67d24c1f1806
- SHA1
  
  19193394450c45259f51b6e60ffec0eda76c2a57
- SHA256
  
  35a3a71400a3162ab5a8e9db3d08ff8ac32c139176e4a8b3048c492626c1109e
- SHA512
  
  dbc528030305a4cd2d8722a7ba942f4ab3230cfbf220ee8eca5c19737022c64ffc73481daba5a445b05034514bb50c7bf393e94b77933f3f8740031a5bcb8c29
- SSDEEP
  
  49152:Zb1F6eQ+yYkyPbDbT0RW7IjPfat/6lrLwodKq9T/Oz/:Z1vmWEY/6BwyLby/
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

© 2018-2024

Terms | Privacy