Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
  • submitted
    13/01/2023, 01:01

General

  • Target

    04dec944c709765f7a6e83a98a4e8b47f1c7759d.exe

  • Size

    4.5MB

  • MD5

    e96fbf2c970cd9a9620f9b3de333ba07

  • SHA1

    04dec944c709765f7a6e83a98a4e8b47f1c7759d

  • SHA256

    bd7b6f6ef2d0adfb9b2e058fc46ad29ff1edffc648f9d7408745916bb8a2f310

  • SHA512

    77b1d831984368ce49e57931f15e43e7dfec34b1edb3931c0309b84642faf8795ea6719f9aa3f852f0af4fbf38278b8a415ecac827a0213595123cb9e85be8ec

  • SSDEEP

    98304:UeCcC0a1BkNYPTTkPxky/H+sKKq3xh43J7P:U1x0Ak2P/2HsK4h+

Malware Config

Extracted

Family

laplas

C2

45.159.189.105

Attributes
  • api_key

    7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with two variants written in Golang and C#.

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

Processes

  • C:\Users\Admin\AppData\Local\Temp\04dec944c709765f7a6e83a98a4e8b47f1c7759d.exe
    "C:\Users\Admin\AppData\Local\Temp\04dec944c709765f7a6e83a98a4e8b47f1c7759d.exe"
    1⤵
      PID:1112

    Downloads

    • memory/1112-54-0x0000000000160000-0x0000000000B77000-memory.dmp

      Filesize

      10.1MB