General

  • Target

    S0FT-PC-2O23.rar

  • Size

    60.8MB

  • Sample

    230410-yz8q5sga39

  • MD5

    d3dd84d7dcb8e28cb384614dccd332fd

  • SHA1

    49e15c3f6ed0d83173fbf42b8d2a42b6b3d323e0

  • SHA256

    3c3aad285ca3d73e6775365f2dc20643f82c7bcc2aca4008a735cc496ba95cb0

  • SHA512

    8111cfeb540c27cae037609773ced8f02d46e224dab8d0cf1d6eb314b6afa2681fed3027344c2b265763a3d259637f079dea8a71940545667f0e2a62394dc263

  • SSDEEP

    1572864:x4/fFWBwxtFw5dx1iBg6l5hi9XWdOrU5QR6YOH5/DyH/:OHmy6hEg85ohg5QZm/DyH/

Malware Config

Extracted

Family

raccoon

Botnet

f752420247e5bcc46230c6129c34c6a2

C2

http://95.216.153.86/

http://5.75.159.229/

http://212.113.119.153/

http://78.153.130.123/

xor.plain

Extracted

Family

laplas

C2

http://212.113.106.172

Attributes

  • api_key

    a8f23fb9332db9a7947580ee498822bfe375b57ad7eb47370c7209509050c298

Targets

    • Target

      PC-Files_Expert-2O23/Laucnher-PC-S0FT-2O23.exe

    • Size

      730.0MB

    • MD5

      ac806cf293cada210b512a642e290a33

    • SHA1

      e8dfe030d105a95d76936848b83187f382c7cd43

    • SHA256

      794997ce49323e2620efdd9a2a34d364890313cb0984e909a5cf589d4072f17e

    • SHA512

      4201478b7f39f29e0984a3828a5e23450eaeb688d8bcb7e5e0a29a5a4dae9f603bc87fb9595ee701f4e258bea13838dd72d8743e8423c92c156fc28ba0bbb9e8

    • SSDEEP

      196608:kSpje7hK/Y1X+MfKclMp5daT7OfO8to35qUB7+A4FNv:kSte7hi1M8faOfFIE

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks