General
-
Target
Spotify.Premium_new.zip
-
Size
36.2MB
-
Sample
240307-yv2f9sde4y
-
MD5
786f3ec67eedb647c2a0e302dde3e8ad
-
SHA1
ce7eb20d4f92b311e68b1d96ab8a512f86f25033
-
SHA256
a4d57041c5e3887574b62ec1606431a0be7f34db0a46ff6fdeeddf4a99efb526
-
SHA512
72e9cca13cae0a58ae0c5307f316f380157d28ca5fa433c49f4f71ca718f37aaa4f155413ebf59639a0a32c9ce8c4f67fc76774146f52e915a3f1699aef8a114
-
SSDEEP
786432:rfdR0W2pEvNCGzJkocFkwT+Hmdonhn30En/5TiI+7AE3toCwiK:5R0L6zafaAWFX+7kCs
Malware Config
Targets
-
-
Target
Spotify.Premium_new.zip
-
Size
36.2MB
-
MD5
786f3ec67eedb647c2a0e302dde3e8ad
-
SHA1
ce7eb20d4f92b311e68b1d96ab8a512f86f25033
-
SHA256
a4d57041c5e3887574b62ec1606431a0be7f34db0a46ff6fdeeddf4a99efb526
-
SHA512
72e9cca13cae0a58ae0c5307f316f380157d28ca5fa433c49f4f71ca718f37aaa4f155413ebf59639a0a32c9ce8c4f67fc76774146f52e915a3f1699aef8a114
-
SSDEEP
786432:rfdR0W2pEvNCGzJkocFkwT+Hmdonhn30En/5TiI+7AE3toCwiK:5R0L6zafaAWFX+7kCs
Score9/10-
Renames multiple (441) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
-
-
Target
Spotify Premium.apk
-
Size
51.4MB
-
MD5
b7eb19935f3058e49b481006d307dbce
-
SHA1
bebe1f3e5971f46e36777839cca5339d86ed108c
-
SHA256
7d20ab098f2bb7c1eca841ecbe1330aa7679833d278c4b2bb58c42d7005c16f3
-
SHA512
7a25fc09fb32f9aa84a6d747809f08a2983fbf802ae0b4c609b911dbff2be0782b2809b3e80e221e83093e8fd8d74c073b318954d7342592b08a4387d5e9f862
-
SSDEEP
786432:If/6/ilgtbouevIm22iqe8358mggmRtdbjhrUdE7kyHsO5ur:Iq/i+KJq3835ybd3hekNA
Score3/10 -