laplas | 4cb97044fa8325ea15b14dbf9d6ee9301b9fb0601189a0c04dac9c7358313b0a | Triage

Sharing

General

Target

4cb97044fa8325ea15b14dbf9d6ee9301b9fb0601189a0c04dac9c7358313b0a
Size

246KB
Sample

230316-qbhwtaah66
MD5

9789fecf55c4b070e0194adb021ed607
SHA1

5acfd723e11c569a12d5880083346576c1afe5a3
SHA256

4cb97044fa8325ea15b14dbf9d6ee9301b9fb0601189a0c04dac9c7358313b0a
SHA512

7b5f0e67236c7dd0823ad6993933106fdf1c2f51d4a8008e2b52bcf7ded4a6ad9bf5dc538300f7d82d7229bc39c64b1ddc817516989beb6ad09082879d778836
SSDEEP

6144:pp/7/xgVzhs7yOomaVP1cQX6yOQgNRaMWm2:pp/lQYymMuQKyF0Km

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

- Target
  
  4cb97044fa8325ea15b14dbf9d6ee9301b9fb0601189a0c04dac9c7358313b0a
- Size
  
  246KB
- MD5
  
  9789fecf55c4b070e0194adb021ed607
- SHA1
  
  5acfd723e11c569a12d5880083346576c1afe5a3
- SHA256
  
  4cb97044fa8325ea15b14dbf9d6ee9301b9fb0601189a0c04dac9c7358313b0a
- SHA512
  
  7b5f0e67236c7dd0823ad6993933106fdf1c2f51d4a8008e2b52bcf7ded4a6ad9bf5dc538300f7d82d7229bc39c64b1ddc817516989beb6ad09082879d778836
- SSDEEP
  
  6144:pp/7/xgVzhs7yOomaVP1cQX6yOQgNRaMWm2:pp/lQYymMuQKyF0Km
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer