Overview

overview

10

Static

static

1

39c28f0244...9d.exe

windows7-x64

8

39c28f0244...9d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aca042ff3879a53b09a6089012c0dc3c.bin

  • Size

    11.3MB

  • Sample

    230313-m9m2mscb3z

  • MD5

    8659d7cca7aefdb47824525204bd0f7c

  • SHA1

    8a59432448e8237914862b75c9df04eae98af85a

  • SHA256

    1e57c51cc9d846bf498dafd60c3423dcb6896cf9e2cc9f754e2ba7c77b38445d

  • SHA512

    1cad88638e03d97d2f2e17d16f2ec47d8f9e17fd4d01338c96e68d9972026c40ac25e4cde17acfe2a01459bee636344ec9edb1b21d8eda480659d0f8adf581e7

  • SSDEEP

    196608:5YrwsaFwhHUUsbz+7DQqM5azdmNnIbGDsKS5+9xiuqJEI3iPi3ghR+epBX21bFCr:5YZDFUUc+7DQtazdmNnI6Avs9wiI3i6S

Score
10/10
laplasclipperdiscoverypersistencespywarestealer

Malware Config

Extracted

Family

laplas

C2

http://185.106.92.104

Attributes
  • api_key

    bc2dceabe69fa26dbf4dd8295d65e03e1990633a88c1c8410825c9266b239396

Targets

    • Target

      39c28f0244bfeb2fe54808cda05f80ad36a886f1e2c75960779ede0894a9219d.exe

    • Size

      11.7MB

    • MD5

      aca042ff3879a53b09a6089012c0dc3c

    • SHA1

      cffcd52ebc1dac648c06abf22a73fed5e631d932

    • SHA256

      39c28f0244bfeb2fe54808cda05f80ad36a886f1e2c75960779ede0894a9219d

    • SHA512

      1b774c8804457e0c5a424f243c5a1cdeeb2c5cb52b867d0695d377a9edecad4e4cc125adcef05eed939de13cb325e5160213fc75850016a6b31469cf24837fa6

    • SSDEEP

      196608:W9x9G9JpwtykN94/4KdH3WPdv16lzYrcttP5Kzn/cpCXH2zcgh0YZZoJ8wnVSh7U:WxRtykbuH3+x162r0Pkzn/c4XH2zcU0Q

    Score
    10/10
    discoveryspywarestealerlaplasclipperpersistence

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

      stealerclipperlaplas

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks