Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2023 11:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    1.9MB

  • MD5

    e4321deefba7523e1495992b0d8b655a

  • SHA1

    78883ae71aea1dd62a0213e54b431553e5e61647

  • SHA256

    98446a2ba850c3132d15b9cc773c365052631e83f734a2ec0e19f7b71dce3f3d

  • SHA512

    acbeb4cb61276a5464924a972cf0ea874ca287959b6a120588acda8077d54188265b247dd23f7b9a1281f1df0b81437e3e498e1eb22c21fbfba986e77f970b30

  • SSDEEP

    49152:yf/wWlz2lOSHEQKH7J4pwF1KmQyAXszJs:ynwblOSkQKH9Kw7KrK

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:2468

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    753.1MB

    MD5

    e4afcbeddd22a3877743d591b302b2d3

    SHA1

    498b52aa2a585abac17cca3b4820dffee3655d70

    SHA256

    4e2ad18c6b1cd09883d1d4582f85702524b5a4a86cc06a557051cb028ab17a37

    SHA512

    4edac7c29947b6d3860663bcc865a3cecf16c03154cf357bddd15a0768b835c26e83d560393f1b075165285541ff4bf01b128fa8a9ee67f1dc662157602a19a7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    764.9MB

    MD5

    0287a0f624a44b6d3e35625e6891f91a

    SHA1

    ddaa003d8cf0b101cea10ea358ba5b8d7d6edba8

    SHA256

    fa41dc5d51e3a8f0c2551b31c89616e2d060e2040d6ee5986f409b95e49224bb

    SHA512

    c0b9b6cd5fa54ebb1d084f4ab2c5065996c58bb383bd7358283180eec7b2120bc2cb70ee112b2b69e7ac91d3842b547cdd18c196a14af016096c86589bff145d

    Download Submit

  • memory/432-134-0x0000000004D30000-0x0000000005100000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/432-136-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/432-139-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-146-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-150-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-144-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-142-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-147-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-148-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-149-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-143-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-151-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-152-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-153-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-154-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-155-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2468-156-0x0000000000400000-0x0000000002CA6000-memory.dmp

    Filesize

    40.6MB

    Download