General
Target: SpotifySetup.exe
Size: 908KB
Sample: 230318-zl81esdf96
MD5: 6d45e7add2d8706cbcfb83a1bc51542f
SHA1: 3e054a4130d177b8e45dc269be36de703bd10016
SHA256: 85cbdf1692b4fcfc7048a294e699690f04888d9aa9add254f4f6b185621fcb45
SHA512: 24f39e918f7917ff1bfd97823f71ad29d3818c2ec127499dd569d6f086d9aca1313919e8df813451586b4d27a26a7a76a35017e685647ab601bf639b0b40e405
SSDEEP: 12288:9EMtplakfLnYconjHg5SLcDNNP8LtNb+7+0jylcdbR4UG2OT:9EMtHakfs7g5SLcDNNP8LtNJ0jQkbReT
Static task: static1
Behavioral task: behavioral1
Sample: SpotifySetup.exe
Resource: win10-20230220-es
Malware Config
Targets
- SpotifySetup.exe (908KB; same file and hashes as listed under General above)
Score: 10/10

Signatures
- Blocklisted process makes network request
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2