
PowerSpritz (5629bc84-58eb-42d9-adc6-cd0eeb08ccaf)

PowerSpritz is a Windows executable that hides both its legitimate payload and its malicious PowerShell command using a non-standard implementation of the already rarely used Spritz encryption algorithm (see the Attribution section for additional analysis of the Spritz implementation). This malicious downloader has been observed being delivered via spearphishing attacks that use the TinyCC link shortener service to redirect to likely attacker-controlled servers hosting the malicious PowerSpritz payload.

Cluster A: PowerSpritz (c07f6484-0669-44b7-90e6-f642e316d277)
Galaxy A:  Malpedia
Cluster B: PowerSpritz (5629bc84-58eb-42d9-adc6-cd0eeb08ccaf)
Galaxy B:  Tool
Level:     1