1cb6ad7e145fc1ca37eb9007d2338a68d51a5dd960d99a560f1d1eed218c194a

Submit
Reports

Overview

overview

Static

static

Payload/Sp...ts.pdf

windows7-x64

Payload/Sp...ts.pdf

windows10-2004-x64

Payload/Sp...s/cycc

ubuntu-18.04-amd64

Payload/Sp...s/cycc

debian-9-armhf

Payload/Sp...s/cycc

debian-9-mips

Payload/Sp...s/cycc

debian-9-mipsel

Payload/Sp...ynject

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Payload/Sp....dylib

macos-10.15-amd64

Analysis

max time kernel
77s
max time network
104s
platform
macos-10.15_amd64
resource
macos-20241106-en
resource tags

arch:amd64arch:i386image:macos-20241106-enkernel:19b77alocale:en-usos:macos-10.15-amd64system
submitted
03/12/2024, 12:23

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf evasion

1 signatures

Behavioral task

behavioral1

Sample

Payload/Spotify.app/Assets.pdf

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/Spotify.app/Assets.pdf

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

ubuntu1804-amd64-20240611-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

debian9-armhf-20240611-en

debian-9-armhf

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

debian9-mipsbe-20240611-en

debian-9-mips

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cycc

Resource

debian9-mipsel-20240226-en

debian-9-mipsel

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Commands/cynject

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/Spotify.app/Frameworks/CydiaSubstrate.framework/Libraries/SubstrateBootstrap.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/Spotify.app/Frameworks/Spotilife.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Payload/Spotify.app/Frameworks/libswiftAVFoundation.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Payload/Spotify.app/Frameworks/libswiftCallKit.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Payload/Spotify.app/Frameworks/libswiftCloudKit.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Payload/Spotify.app/Frameworks/libswiftContacts.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Payload/Spotify.app/Frameworks/libswiftCore.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Payload/Spotify.app/Frameworks/libswiftCoreAudio.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

Payload/Spotify.app/Frameworks/libswiftCoreData.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

Payload/Spotify.app/Frameworks/libswiftCoreFoundation.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

Payload/Spotify.app/Frameworks/libswiftCoreGraphics.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

Payload/Spotify.app/Frameworks/libswiftCoreImage.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Payload/Spotify.app/Frameworks/libswiftCoreLocation.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Payload/Spotify.app/Frameworks/libswiftCoreMedia.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Payload/Spotify.app/Frameworks/libswiftDarwin.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Payload/Spotify.app/Frameworks/libswiftDispatch.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Payload/Spotify.app/Frameworks/libswiftFoundation.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Payload/Spotify.app/Frameworks/libswiftIntents.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Payload/Spotify.app/Frameworks/libswiftMapKit.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Payload/Spotify.app/Frameworks/libswiftMediaPlayer.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Payload/Spotify.app/Frameworks/libswiftMetal.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Payload/Spotify.app/Frameworks/libswiftNetwork.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Payload/Spotify.app/Frameworks/libswiftObjectiveC.dylib

Resource

macos-20241101-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Payload/Spotify.app/Frameworks/libswiftQuartzCore.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Payload/Spotify.app/Frameworks/libswiftUIKit.dylib

Resource

macos-20241106-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/Spotify.app/Frameworks/Spotilife.dylib
Size

677KB
MD5

cfbbc524163a24b4c75689d557c17d7d
SHA1

c85044d17073d7eea01e2f5f67a98b0c460af18d
SHA256

7808ae6b69d33d7d4aceddb96a9e7eb54c77de91b5ba40abad5fb10f26ec42d9
SHA512

4a11be5b0b25c088cfe274b5a5a6e65a2af51cb44c7d764f01f1c6b58460853ced96f61fea703b86a4a740315aa60388be96d3ec4f78f0574d1d82cf44ddd04c
SSDEEP

6144:yOvotKiLJlQtJCkgNDTXLDgeRF2Cm87OYbuG+E7A69JBGkEEwLzoqojBYLIyP/Pa:8JvN4W9jBi+zSmz

Score

1^/10

Malware Config

Signatures

Processes

/bin/sh
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Spotify.app/Frameworks/Spotilife.dylib\""
1⤵
PID:499

/bin/bash
sh -c "sudo /bin/zsh -c \"/Users/run/Payload/Spotify.app/Frameworks/Spotilife.dylib\""
1⤵
PID:499

/usr/bin/sudo
sudo /bin/zsh -c /Users/run/Payload/Spotify.app/Frameworks/Spotilife.dylib
1⤵
PID:499
- /bin/zsh
  /bin/zsh -c /Users/run/Payload/Spotify.app/Frameworks/Spotilife.dylib
  2⤵
  PID:500
- /Users/run/Payload/Spotify.app/Frameworks/Spotilife.dylib
  /Users/run/Payload/Spotify.app/Frameworks/Spotilife.dylib
  2⤵
  PID:500

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads