General

  • Target

    Spotify 1.0.0 version.exe

  • Size

    7.7MB

  • Sample

    240624-yj2mwszemf

  • MD5

    e16b75499a7aa73051e26c819c1c297a

  • SHA1

    6bd1bfd19abddf6fd4192ef0e9bbde5d2d462f3d

  • SHA256

    bb58690c9f4fd1d5d1ac7f592117fd30f599430457e217542cd037f06af04c2c

  • SHA512

    675eb69262b0adccc6e6606bd8893b9ca0048ae2a1284bb2d182592cec1ca4ef31094f2c421184a826cdfbd43b2255c2a01b8e5f6fee83866f221fc2a1bb2f82

  • SSDEEP

    98304:m+DjWM8JEbh1rsRamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfmdx/WbeRGYKJJt:m+0CeNTfm/pf+xk4de/lRGtrbWOjgWy

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs commands through powershell.exe.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks