General
Target: SpotifySleepModeStopper_v1.8.exe
Size: 5.6MB
Sample: 240805-nnb8paydpf
MD5: 293464f19e3a4cbeee190d03d54bdb04
SHA1: 665c8d3687fedeb30b068f04f5778afd642767f1
SHA256: b2c16fdb2ebd661cbab49da23d4684d5a300fd008ea275f71d759ce6c56b8e5a
SHA512: d124b93731b420dd53d7834cc6e646fc48cf4608b0060bbb41154d0e78bd43d7c37ccab6adac6d9f6f0901043cf6588d24bf203fd73c531ce8439f96981bd6a5
SSDEEP: 98304:R2UpxS396SFrwfFXH2UpxS396SFrwfFXk4kGm4km2Cdi:kUpI4SNUpI4SXNKg
Static task: static1
Behavioral task: behavioral1
  Sample: SpotifySleepModeStopper_v1.8.exe
  Resource: win10v2004-20240802-en
Malware Config
Targets
Score: 7/10
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
Defense Evasion
  Hide Artifacts (1)
    Hidden Files and Directories (1)
  Modify Registry (2)
  Subvert Trust Controls (1)
    Install Root Certificate (1)