laplas | c97901d5e58c0ee39e003b6274fd7722e5813e626215608d749d3b541405883f | Triage

Sharing

General

Target

c97901d5e58c0ee39e003b6274fd7722e5813e626215608d749d3b541405883f
Size

256KB
Sample

230316-gtwqyshc69
MD5

a82c0e9ba07856d33a3671f488a83825
SHA1

7ee86f7e6993f2b08e7878f5badf836551dfae9a
SHA256

c97901d5e58c0ee39e003b6274fd7722e5813e626215608d749d3b541405883f
SHA512

8de0fc6322918f3b5fe724aa10c0ab8785f71176dbba0a1ff523b292f9a8e94866296d99a957a9ead757f9b0d72cfb25459847f32852ee654ae34062b414107b
SSDEEP

3072:IfQ0bnFCDX4oWU844y6Uj4hAJQuBxJt+lcJVLgh9JO+kdtX0DtEvSRkrYnVXXJX:Io6ngU286UhABEcDgh9JgdlwtEFYV

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

- Target
  
  c97901d5e58c0ee39e003b6274fd7722e5813e626215608d749d3b541405883f
- Size
  
  256KB
- MD5
  
  a82c0e9ba07856d33a3671f488a83825
- SHA1
  
  7ee86f7e6993f2b08e7878f5badf836551dfae9a
- SHA256
  
  c97901d5e58c0ee39e003b6274fd7722e5813e626215608d749d3b541405883f
- SHA512
  
  8de0fc6322918f3b5fe724aa10c0ab8785f71176dbba0a1ff523b292f9a8e94866296d99a957a9ead757f9b0d72cfb25459847f32852ee654ae34062b414107b
- SSDEEP
  
  3072:IfQ0bnFCDX4oWU844y6Uj4hAJQuBxJt+lcJVLgh9JO+kdtX0DtEvSRkrYnVXXJX:Io6ngU286UhABEcDgh9JgdlwtEFYV
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer