General

  • Target

    tmp

  • Size

    1.8MB

  • Sample

    230312-m7m9madf35

  • MD5

    f5e2f39e410931399efa66006dd1c16e

  • SHA1

    a20778938cb803de383dea36b697379a6278ec1c

  • SHA256

    57969c17dec58c9fa8fd79b063900cac9d4e91fc96105c7a185cab010a9893b2

  • SHA512

    642262f0c5ac9c6239653df69ba5b47f8416f7ecb4a9c48b918b2604a588189abbce0187dc732b395e479dc8d011fe4b2015ae3bfa8200c06b5439bf8b25ecdb

  • SSDEEP

    49152:oQnnd8m6c8pMWy1rDuO9l7zyfDI1FRxLOtuEOMPv82E:oQyl/1cnBr2SOtu1Mt

Malware Config

Extracted

Family

laplas

C2

http://188.34.207.137

Attributes
  • api_key

    cc5483d73cc9c4dadc93d2efbac4f022d260f45e321b013f9627c335f091cdb6

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
