Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16-03-2023 16:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5bc89ac527b9326cfe4e3c88c2271084330cb58fcdbe91da7aab3b2eb49c9d57.exe

  • Size

    1.9MB

  • MD5

    8d84e57656a59231cb00e35857f52f5a

  • SHA1

    6f2c858adeb1d8c488e2885688982eb8c9798e6f

  • SHA256

    5bc89ac527b9326cfe4e3c88c2271084330cb58fcdbe91da7aab3b2eb49c9d57

  • SHA512

    7defc51e96af47b849c06534faa0cd5959dd871c61e6b894ee9ceefa9a52925f3a8b35e562c3cf811eb71d727e579cb130d3a332ed5e73ef7c64a48a6125bac9

  • SSDEEP

    24576:Tj72QEHHAU0XTLnkXsdC4eZ9jAOXOSs3UUp9KL+koeAPdk5OQpo6w0LFi:iQEAlkXuCVjAOXO6iKL+kojQvu6

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5bc89ac527b9326cfe4e3c88c2271084330cb58fcdbe91da7aab3b2eb49c9d57.exe
    "C:\Users\Admin\AppData\Local\Temp\5bc89ac527b9326cfe4e3c88c2271084330cb58fcdbe91da7aab3b2eb49c9d57.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4212
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:2148

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    684.1MB

    MD5

    fa7c558f08501dc271c81c659de7f2da

    SHA1

    32503cd0e4af28aad804cc1f866ccdb240cbd5f2

    SHA256

    629aaea8546f085c5c1945f0751f5629ce46711b6af839eb3be64683dcc7115d

    SHA512

    8f08766d0822a59e8e19de4466c2d1b714c01f564cdbebeaec6652e26e43bd6e13c6ae2686ce7ef80072c295c52824162890beddc68db47ed340553ae5968e2d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    733.9MB

    MD5

    435803b47a7f3124a551a0623778005e

    SHA1

    f94a8a526032c0ae29cc62c7be6d48831024b3cc

    SHA256

    1bf811bfa9865eb5c6ecb60ca2c664bbb44cfcbeb201502170bfa680a12b0982

    SHA512

    d2034b47e6342e29f5ea1b21dc93931f44ed4af3d866b20d9eb1317a0f7aef499da99ad6b131edbd1ed2c69b6c834845d100151730ffbd5f7ae7c28719899a23

    Download Submit

  • memory/2148-136-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-135-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-142-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-128-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-129-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-130-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-131-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-133-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-134-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-141-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-140-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-137-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-138-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2148-139-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/4212-120-0x0000000004D30000-0x0000000005100000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/4212-122-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/4212-124-0x0000000000400000-0x0000000002CA4000-memory.dmp

    Filesize

    40.6MB

    Download