laplas | 48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4 | Triage

Submit
Reports

Overview

overview

Static

static

7

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4
Size

3.8MB
Sample

230114-17j4vsed56
MD5

12d16c90620269cc665ce370dbe15784
SHA1

72fa84e606ee749844143e5904c14975e2d5d98c
SHA256

48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4
SHA512

aa0d992d1c9353a79d3d7984b1031b950b4022850c164ef6453f65de680f8d8d7b5d389feae2f494cde8403b7af000a3a90b78b19de36f23594db31b2ab74b67
SSDEEP

98304:aLa6vbZldIleZXkleKgxYC+ywWj5fr1018mHXM:aLa6vbZlmleZX7KAYCuWjhr12u

Score

10^/10

laplas evasion stealer themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4.exe

Resource

win7-20221111-en

laplas evasion stealer themida trojan

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4.exe

Resource

win10-20220812-en

laplas evasion stealer themida trojan

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Extracted

Family

laplas

C2

45.159.189.105

Attributes

api_key
7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e

Targets

- Target
  
  48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4
- Size
  
  3.8MB
- MD5
  
  12d16c90620269cc665ce370dbe15784
- SHA1
  
  72fa84e606ee749844143e5904c14975e2d5d98c
- SHA256
  
  48f6242537331f5142237c388fc8fa1f52eecd568af2af01695342b1d17c4fd4
- SHA512
  
  aa0d992d1c9353a79d3d7984b1031b950b4022850c164ef6453f65de680f8d8d7b5d389feae2f494cde8403b7af000a3a90b78b19de36f23594db31b2ab74b67
- SSDEEP
  
  98304:aLa6vbZldIleZXkleKgxYC+ywWj5fr1018mHXM:aLa6vbZlmleZX7KAYCuWjhr12u
Score

10^/10

laplas evasion stealer themida trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with two variants written in Golang and C#.
  stealer laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasevasionstealerthemidatrojan

behavioral2

laplasevasionstealerthemidatrojan

© 2018-2024

Terms | Privacy