General

  • Target

    file.exe

  • Size

    197KB

  • Sample

    230209-jw5gzsah4s

  • MD5

    7ff972b22c38b488c9bd8faaee20f191

  • SHA1

    70cc8dfd8fb9a70acf149627ca0a5af48bc869cb

  • SHA256

    7fbdcce122af8b4fe1638f1ddf87c738a7499d89d52db78d3f86a812171b6454

  • SHA512

    a61b8a175591de0aa9fb70a69f98cd01cd2524b706a3885750c5d3ea6e8bf4753b3ea13cce774a8f71ebf0db60ee40cc0528c5d9d64fa3df230624be53fcf8f7

  • SSDEEP

    3072:nGsO7VZUS5qUw1LmblWuzd5TaXC7v6lTj8ViAXFj6rBQWL:nGschoL2lXSD5jwHj6n

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    ad75d4e2e9636ca662a337b6e798d36159f23acfc89bbe9400d0d451bd8d69fd

Targets

    • Detects Smokeloader packer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks