Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14/03/2023, 01:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b9e5e40d9f67c2863f5083cd7538045361b90febd90f6be2a7fc04a19c64bde4.exe

  • Size

    1.9MB

  • MD5

    a6c582180e25a184f93a789d35b24b56

  • SHA1

    5baeb1ff8f56d9e8597fc497a8bdc21e7705d594

  • SHA256

    b9e5e40d9f67c2863f5083cd7538045361b90febd90f6be2a7fc04a19c64bde4

  • SHA512

    039b120db0f3a9dce05f6f86c7d4168df1da569db46caa8d7c22c93e441d611a4ed03455cd6825114dff22d08403097fe143dce06c0c75e1365aa43db273c9a2

  • SSDEEP

    24576:hcI7u0JTd8ZjQue+VnvOYERY1lx4xOoa2UF05he8AfdbtwD6UV69ayIiaOstT2ip:Cmued8VQn+V0Y1L4cGUF0fUIWJSOsVd

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9e5e40d9f67c2863f5083cd7538045361b90febd90f6be2a7fc04a19c64bde4.exe
    "C:\Users\Admin\AppData\Local\Temp\b9e5e40d9f67c2863f5083cd7538045361b90febd90f6be2a7fc04a19c64bde4.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:4028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    702.9MB

    MD5

    64b04513d8cef011acf4f38d0898622f

    SHA1

    87fac6c1f9dae3bd67d2b9120a239b8bb2b12d2d

    SHA256

    1a3fbc4a8c6e0a699a7ffe5e874446a39e7428e0430c69897181767e77dfba23

    SHA512

    04711aaae898815a83b4dca7fd9f43ef77bfa230fe6b480b76fe05b8d6491f4e40b96f18aa9ec8165e47ec8a02ce8684069ded13201daa6526aca2d89660f61f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    702.9MB

    MD5

    64b04513d8cef011acf4f38d0898622f

    SHA1

    87fac6c1f9dae3bd67d2b9120a239b8bb2b12d2d

    SHA256

    1a3fbc4a8c6e0a699a7ffe5e874446a39e7428e0430c69897181767e77dfba23

    SHA512

    04711aaae898815a83b4dca7fd9f43ef77bfa230fe6b480b76fe05b8d6491f4e40b96f18aa9ec8165e47ec8a02ce8684069ded13201daa6526aca2d89660f61f

    Download Submit

  • memory/4028-137-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-136-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-143-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-129-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-130-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-131-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-133-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-134-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-135-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-142-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-141-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-138-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-139-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4028-140-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5044-121-0x0000000002880000-0x0000000002C50000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5044-123-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5044-125-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download