laplas | 9a2232a4a9ceef2c3fcfee0acca71d5717395aff8abd1b6b26aa3a5c266b3fae | Triage

Sharing

General

Target

50d576843a36ea0ed56d5ff525690a782db8a9e3
Size

602KB
Sample

230113-bgt4psgd2z
MD5

3eb2e4fc5a63f1148550e8ad8f55d56c
SHA1

50d576843a36ea0ed56d5ff525690a782db8a9e3
SHA256

9a2232a4a9ceef2c3fcfee0acca71d5717395aff8abd1b6b26aa3a5c266b3fae
SHA512

50029b544fb5b94f69d0739609e7aa3b320ae674e18a589430f953d6f0a935bb7a0d21753742f4729ad987fa3917816f4bbc8dbe6d10d01d0a7db84f260c2060
SSDEEP

12288:FkESTrfRL7qg5g+SQVSbEg7t3O3og3iN7f86LHut03:m7PvG+S77Yt3iN7fUW

Score

10^/10

laplas vidar 255 spyware stealer vmprotect

Malware Config

Extracted

Family

vidar

Version

2

Botnet

255

C2

https://t.me/tgdatapacks

https://steamcommunity.com/profiles/76561199469677637

Attributes

profile_id
255

Extracted

Family

laplas

C2

45.159.189.105

Attributes

api_key
7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e

Targets

- Target
  
  50d576843a36ea0ed56d5ff525690a782db8a9e3
- Size
  
  602KB
- MD5
  
  3eb2e4fc5a63f1148550e8ad8f55d56c
- SHA1
  
  50d576843a36ea0ed56d5ff525690a782db8a9e3
- SHA256
  
  9a2232a4a9ceef2c3fcfee0acca71d5717395aff8abd1b6b26aa3a5c266b3fae
- SHA512
  
  50029b544fb5b94f69d0739609e7aa3b320ae674e18a589430f953d6f0a935bb7a0d21753742f4729ad987fa3917816f4bbc8dbe6d10d01d0a7db84f260c2060
- SSDEEP
  
  12288:FkESTrfRL7qg5g+SQVSbEg7t3O3og3iN7f86LHut03:m7PvG+S77Yt3iN7fUW
Score

10^/10

vidar 255 stealer laplas spyware vmprotect
- Laplas Clipper
  Laplas is a crypto wallet stealer with two variants written in Golang and C#.
  stealer laplas
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vidar255stealer

behavioral2

laplasvidar255spywarestealervmprotect