laplas | 47503ca606b113e92223665ec5999de0515644d683e5feb9016577915373de12 | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

301KB
Sample

230315-z7k6gsfd27
MD5

98ac2255d753b5c02c9cd5e3e433f4f9
SHA1

c20b11f2eaebf7180dcd4c2702d5cb5d62b70984
SHA256

47503ca606b113e92223665ec5999de0515644d683e5feb9016577915373de12
SHA512

96aa7fbdc23f7d8aecb8c5adc7d9b7a4dc44518effb38f4bccf2c84019fcb6d9700a250d8b1484d5689c7cb671ec2964506d6d90a3b093350d2c5e47007151a2
SSDEEP

3072:TmFLM59uQLh0ENhA5iN0LlWOZzbpS1dMrCXFw7v9ZNlfVjP:CFLAL1nJ0pWOZXpS1yOXFwrpn

Score

10^/10

laplas clipper discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20230220-en

laplas clipper discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20230220-en

laplas clipper discovery persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  tmp
- Size
  
  301KB
- MD5
  
  98ac2255d753b5c02c9cd5e3e433f4f9
- SHA1
  
  c20b11f2eaebf7180dcd4c2702d5cb5d62b70984
- SHA256
  
  47503ca606b113e92223665ec5999de0515644d683e5feb9016577915373de12
- SHA512
  
  96aa7fbdc23f7d8aecb8c5adc7d9b7a4dc44518effb38f4bccf2c84019fcb6d9700a250d8b1484d5689c7cb671ec2964506d6d90a3b093350d2c5e47007151a2
- SSDEEP
  
  3072:TmFLM59uQLh0ENhA5iN0LlWOZzbpS1dMrCXFw7v9ZNlfVjP:CFLAL1nJ0pWOZXpS1yOXFwrpn
Score

10^/10

laplas clipper discovery persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperdiscoverypersistencespywarestealer

behavioral2

laplasclipperdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy