Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2023, 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.9MB

  • MD5

    50c8ba764864a27471c1e46ec947f944

  • SHA1

    e8b13edb9d248a1449d200582e6fdbc6f4285afd

  • SHA256

    a4099e49f7b95da7d3017635d34afbfcae9b556f2e3573c4c18fc4c3a891913d

  • SHA512

    592d0f73ed9f569b3ff856da1d988be39e61592e3dcc0663fc663cc20e315c34100e8caf35ee562173528f4b22910229176116b5b780845de4a3314485f52002

  • SSDEEP

    49152:8TfU9QQZjg5VdTimqf0NSRwP2u3Ipn0ZA3H4fj4v1+Pid:eOQQZ0rdng0m8IpnQA3Y7T

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:2484

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    735.9MB

    MD5

    ffc082b08308d44db855dc44ab943649

    SHA1

    b53555a6f4878cfe88a2c3a721e2fa1b68c50b94

    SHA256

    cf1f8a20893158ba222b14809f85be373fe15a7ce7cd30d646aaf3bb696e24c3

    SHA512

    986c10ec11a1e489cfc5b7b1f76c52784676fb747f93015c8621e0e1801bd8a27f29a6d70d9ddefb7d4d719e74177a28ad314e4bf611174f62e57adf612f22a8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    735.9MB

    MD5

    ffc082b08308d44db855dc44ab943649

    SHA1

    b53555a6f4878cfe88a2c3a721e2fa1b68c50b94

    SHA256

    cf1f8a20893158ba222b14809f85be373fe15a7ce7cd30d646aaf3bb696e24c3

    SHA512

    986c10ec11a1e489cfc5b7b1f76c52784676fb747f93015c8621e0e1801bd8a27f29a6d70d9ddefb7d4d719e74177a28ad314e4bf611174f62e57adf612f22a8

    Download Submit

  • memory/2224-134-0x00000000029A0000-0x0000000002D70000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2224-136-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2224-141-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-149-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-157-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-146-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-142-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-151-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-153-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-155-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-144-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-159-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-161-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-163-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-165-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-167-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/2484-169-0x0000000000400000-0x00000000009F1000-memory.dmp

    Filesize

    5.9MB

    Download