laplas | f541a193afd56c1d1b4bd488566a2936722b51c61ea4c3fa4180f82e36188e45 | Triage

Sharing

General

Target

f541a193afd56c1d1b4bd488566a2936722b51c61ea4c3fa4180f82e36188e45
Size

245KB
Sample

230316-23j4qsfd8z
MD5

f98a4bd153fb6e1857925a8c05d0ba1b
SHA1

a7426531a6c13f340871afb1b3645557c7cafddf
SHA256

f541a193afd56c1d1b4bd488566a2936722b51c61ea4c3fa4180f82e36188e45
SHA512

4559552c0a1c01259ad9994b6f79f5aad6533f6574b509a7e4d7686eb33849d117a9344e02cdc6c7d5192e5d076abfceda402686d218bfb3bca4c68c2c662a25
SSDEEP

6144:QpmWkEVL3RLm+GAQPcCEP34M64eJRThTJ:Qpm4L3Ns3PpEi5T

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

- Target
  
  f541a193afd56c1d1b4bd488566a2936722b51c61ea4c3fa4180f82e36188e45
- Size
  
  245KB
- MD5
  
  f98a4bd153fb6e1857925a8c05d0ba1b
- SHA1
  
  a7426531a6c13f340871afb1b3645557c7cafddf
- SHA256
  
  f541a193afd56c1d1b4bd488566a2936722b51c61ea4c3fa4180f82e36188e45
- SHA512
  
  4559552c0a1c01259ad9994b6f79f5aad6533f6574b509a7e4d7686eb33849d117a9344e02cdc6c7d5192e5d076abfceda402686d218bfb3bca4c68c2c662a25
- SSDEEP
  
  6144:QpmWkEVL3RLm+GAQPcCEP34M64eJRThTJ:Qpm4L3Ns3PpEi5T
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer