laplas | 8267f9dda287a6d9f0f1765c10dadee63c81ad8d2ba349db949a5219bc16b721 | Triage

Sharing

General

Target

a5738bf405e2d273310bb9eea4275555.bin
Size

196KB
Sample

230313-m584bacb2y
MD5

36d90200f95db52b6a3418fed0a381ea
SHA1

c5286e3e1944e8d41d052540f63f8a95038deaca
SHA256

8267f9dda287a6d9f0f1765c10dadee63c81ad8d2ba349db949a5219bc16b721
SHA512

2bba6708b4dc207fb998837e325b8bff0313f8c30176fd516a6b489057bcc756e85da60819207a50ac95e43430c56c3e41b557fef319566f69e3f5d534c7a553
SSDEEP

6144:/cOG385Hg9uu1M+5lKDAzASFO9VY6/ArI:/xzp8X1FJASFOn9P

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

- Target
  
  dd9b8dbe2a4bd2f65eab24664fe843325690731cfeff8efa5aeaf24e6565fe69.exe
- Size
  
  263KB
- MD5
  
  a5738bf405e2d273310bb9eea4275555
- SHA1
  
  d582cad53d78f41f4d2ea814e083e5291e59820b
- SHA256
  
  dd9b8dbe2a4bd2f65eab24664fe843325690731cfeff8efa5aeaf24e6565fe69
- SHA512
  
  bb15f79ce0b5be6d1ff0be8740f5bc6acd65b260c1e41b3645f53685ced7fc29aa450173a599f42ee88ae9ecd5213fa22d65378c90269ccb1973ad1076235f45
- SSDEEP
  
  3072:4A9FDcQxP9TF9CeVQtVVO/gCyVed1XCCyj3yvKJIvVEhSZ1hvJzmCpZmcgl11ycW:lFgQxP9T6y6V7U453yyIthZnlZQzu
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer