General
-
Target
sample.exe
-
Size
245KB
-
Sample
230317-dqq5hsea53
-
MD5
83554c48c989188a5483b8cac98bd4ee
-
SHA1
1a09f227dd35b01abb2a0318fa4b1dd74349ea13
-
SHA256
7ea5061e9ebeb45f7ef962d1566d74fdbfdaf81cfff399d22aeb1605e2501f11
-
SHA512
f452875d2eb14c6a9f8124d7ba39a173532d038c0a95e89828fe624577a1a7a3b2547e262c8136450ebf337700ed74522e57c48c7b63988df8272ebbe446be22
-
SSDEEP
6144:VbfmTinRvgDPVY7Rae8Vkpv9qmo3hLhJ:VbfmGnZgJYqVNB9
Static task
static1
Behavioral task
behavioral1
Sample
sample.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
sample.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172
Targets
-
-
Target
sample.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-