General

  • Target

    Spotify Premium.rar

  • Size

    666.4MB

  • Sample

    230425-pzhqaacc2z

  • MD5

    17ad61a9214cd9e9e45b384f60e72080

  • SHA1

    b71c00ef2cd78c49290794757ea4c55dfbfe876d

  • SHA256

    cb5b534f0189a845cb43ea11408e4390f3b036d447c3ceedd337c2c88af0cc4c

  • SHA512

    5463ab150cb38e0a10a4817adc56ebbcee44da598083d6cb1f1fc46b4448ba5b5c941318c0edd20be97108ac528c93bc97024622cb471d4cd3567fdd824af1ab

  • SSDEEP

    393216:05JZmjg+j9etHB77rUdzJauPPEj8SqEHZp+4/HSfmxhpKtMagDQ79Vh9XzqhTJe:QmvpX

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    ec991afa49df4efe459cfb97dc0f831257f3b06880dca401726b96cab6cb269a

Targets

    • Target

      Spotify Premium/Setup.exe

    • Size

      630.2MB

    • MD5

      32a4d0a4ab16a702c4a00b41a6d1377e

    • SHA1

      cf9935a37c5477fdd991f50078d0fbe0da51f8df

    • SHA256

      6f895cd89dafd39df80e6cc7660f229e775c962ff249f56c9693ac16821cb9cf

    • SHA512

      c6a327e8d33fbcabba45fe3a10572d5632b3addc094010f39a709cdb3367004b659f05954988c8ee6c87196790f84a77be1c4813bd2ce8174cdd74f9a4d36ebf

    • SSDEEP

      6144:TfbOrBANQk+LQ9JfIzgPO6gsURuloFxdPQ:MO//AzgmuqO

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

Execution

  • Scheduled Task (1): T1053

Persistence

  • Registry Run Keys / Startup Folder (1): T1060

  • Scheduled Task (1): T1053

Privilege Escalation

  • Scheduled Task (1): T1053

Defense Evasion

  • Modify Registry (1): T1112

Credential Access

  • Credentials in Files (1): T1081

Discovery

  • Query Registry (1): T1012

  • System Information Discovery (2): T1082

Collection

  • Data from Local System (1): T1005

Tasks