1cb6ad7e145fc1ca37eb9007d2338a68d51a5dd960d99a560f1d1eed218c194a

Submit
Reports

Overview

overview

Static

static

Payload/Sp...ts.pdf

windows7-x64

Payload/Sp...ts.pdf

windows10-2004-x64

Payload/Sp...s/cycc

ubuntu-18.04-amd64

Payload/Sp...s/cycc

debian-9-armhf

Payload/Sp...s/cycc

debian-9-mips

Payload/Sp...s/cycc

debian-9-mipsel

Payload/Sp...ynject

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Analysis

max time kernel
78s
max time network
109s
platform
macos-10.15_amd64
resource
macos-20241106-en
resource tags

arch:amd64arch:i386image:macos-20241106-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
03-12-2024 12:23

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf evasion

1 signatures

Behavioral task

behavioral1

Sample

Payload/Spotify.app/Assets.pdf

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/Spotify.app/Assets.pdf

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

ubuntu1804-amd64-20240611-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

debian9-armhf-20240611-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

debian9-mipsbe-20240611-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

debian9-mipsel-20240226-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cynject

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Libraries/SubstrateBootstrap.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/Spotify.app/Frameworks/Spotilife.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Payload/Spotify.app/Frameworks/libswiftAVFoundation.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Payload/Spotify.app/Frameworks/libswiftCallKit.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Payload/Spotify.app/Frameworks/libswiftCloudKit.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Payload/Spotify.app/Frameworks/libswiftContacts.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Payload/Spotify.app/Frameworks/libswiftCore.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Payload/Spotify.app/Frameworks/libswiftCoreAudio.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Payload/Spotify.app/Frameworks/libswiftCoreData.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Payload/Spotify.app/Frameworks/libswiftCoreFoundation.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Payload/Spotify.app/Frameworks/libswiftCoreGraphics.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Payload/Spotify.app/Frameworks/libswiftCoreImage.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Payload/Spotify.app/Frameworks/libswiftCoreMedia.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Payload/Spotify.app/Frameworks/libswiftDarwin.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Payload/Spotify.app/Frameworks/libswiftDispatch.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Payload/Spotify.app/Frameworks/libswiftFoundation.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Payload/Spotify.app/Frameworks/libswiftIntents.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Payload/Spotify.app/Frameworks/libswiftMapKit.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Payload/Spotify.app/Frameworks/libswiftMediaPlayer.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Payload/Spotify.app/Frameworks/libswiftMetal.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Payload/Spotify.app/Frameworks/libswiftNetwork.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Payload/Spotify.app/Frameworks/libswiftObjectiveC.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Payload/Spotify.app/Frameworks/libswiftQuartzCore.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Payload/Spotify.app/Frameworks/libswiftUIKit.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/Spotify.app/Frameworks/libswiftContacts.dylib
Size

77KB
MD5

1b7a29ec34f6b672d54cd2a49b6f6028
SHA1

5995c500c3e550095da351d4d472c38ccf21f58f
SHA256

c74eb86f3a0ea99f46eeec070dc1412ff766ab1c16e4d424c7cb9277479363ac
SHA512

04e6f61fc37a00dac54620dc2b5fb5b6a432102dc0303e3c9b868f1faa47728714411680c8503552be8c2ad4c654be944d2a2b82f0672a29d532bc4e50bed3ee
SSDEEP

768:sbWUBndthXWu7osmJBNzHnI+hmVeLvue8:wBdthXWOtU3Hpue

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Spotify.app/Frameworks/libswiftContacts.dylib\""
1⤵
PID:488

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Spotify.app/Frameworks/libswiftContacts.dylib\""
1⤵
PID:488

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Payload/Spotify.app/Frameworks/libswiftContacts.dylib
1⤵
PID:488
- /bin/zsh
  /bin/zsh -c /Users/run/Payload/Spotify.app/Frameworks/libswiftContacts.dylib
  2⤵
  PID:489
- /Users/run/Payload/Spotify.app/Frameworks/libswiftContacts.dylib
  /Users/run/Payload/Spotify.app/Frameworks/libswiftContacts.dylib
  2⤵
  PID:489

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads