General
-
Target
29489f7b2ec06f0fa0c1cecbb7758c0b65bb6a9e591d0c5a4d6b0f0dbb29a106
-
Size
256KB
-
Sample
230316-ljvhcscd9y
-
MD5
708a7c52a2a5cb13fb9e5a00a8bebe95
-
SHA1
0cb30828811ff3ac16a49807355c149cf408c400
-
SHA256
29489f7b2ec06f0fa0c1cecbb7758c0b65bb6a9e591d0c5a4d6b0f0dbb29a106
-
SHA512
0f6ba0fba6a00a3f74dd71e7a5f2bbb7ec74f7ad70c9ddd33d72de7bd3312fe8d9bd9afb7125d37aa3f9ee5f0169121f822eef64dea68fb473a89b976dcbb99a
-
SSDEEP
3072:Zfn6nlZ/XPoWx8RqQ71WRLLqbFcbJLIKYJMggThq/NTO8RZqAdidXGX:ZinbnoJhiFWMgz/Nq8RZed
Static task
static1
Behavioral task
behavioral1
Sample
29489f7b2ec06f0fa0c1cecbb7758c0b65bb6a9e591d0c5a4d6b0f0dbb29a106.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172
Targets
-
Target
29489f7b2ec06f0fa0c1cecbb7758c0b65bb6a9e591d0c5a4d6b0f0dbb29a106
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-