Analysis

  • max time kernel
    147s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-03-2023 03:18

General

  • Target

    file.exe

  • Size

    245KB

  • MD5

    ddd3ef96054200d60d04934492a3d672

  • SHA1

    8ac32d858e32f27cccec6a8896b234affa1873ba

  • SHA256

    c66e87a025b4ccb8f93a1540b999fabf9beb16c455cbbfd189e133ab642e83e2

  • SHA512

    e11f8936df9c2b1e8a265ac80b2b24693f161e678d1af8902bfc745fcf013c044837d4d401227734c49e00b0d5b6d5dd512873fc6c8d25cf3b13099f095209ab

  • SSDEEP

    6144:abfmvxMcnAkScaBd5COlRbsQOGdAtqhdCJ:abfmvCcPSc8dsaNssBf

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe
      "C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe"
      2⤵
      • Executes dropped EXE
      PID:2032

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

    Filesize

    413.6MB

    MD5

    a3653dad4745069cc3c1c512d3f192b6

    SHA1

    4b45cb4d3a681e115505e5e0e0c4da007a705b77

    SHA256

    ac89a1e3b6e869986f3ad53955b41eb48f88ab22f7d6ab7bc0c289163069cba9

    SHA512

    bf266baec82b92f3d1e15534851a7d7474526b891fc8b5a034eeec66c629031070dfc2206c96835802164f6b5c6bf61399ef353b5a6104294143cb0371710880

  • C:\Users\Admin\AppData\Roaming\telemetry\svcservice.exe

    Filesize

    415.9MB

    MD5

    f46e1ab1fea0fe298a53cfd3e0739284

    SHA1

    bd9309af174f76986ad54fb223f261a96f13c205

    SHA256

    f3dc4cbae5d2a124328b21da5f83f9fa28b11ed5759f9f0daa31cac148fd395c

    SHA512

    574b113209c4db6b144f83673fa767d35eeb8b74391efb679ba705107cefb56c5359f391e62bfe505d4fd25ffe8d2259340db3cddf7c4cd4c09e6bab59f1fd49

  • \Users\Admin\AppData\Roaming\telemetry\svcservice.exe

    Filesize

    412.2MB

    MD5

    8621c508537b1260efa09f61b08d1ea4

    SHA1

    adf5207876cd7c362ea066647504751da92dfbbd

    SHA256

    a221b9d4a19b4dd75534f7fa672d328ecf0790c17ad1b5556e18ef136ed5e874

    SHA512

    abd8081caad418bfac952c1f022438beb38f9123e9cd17a337db7a6c42cceb1915a0e3ca95f938b48bf3dd8a6e1742cd80a12498cdb660900a8a7ba617583911

  • \Users\Admin\AppData\Roaming\telemetry\svcservice.exe

    Filesize

    423.7MB

    MD5

    417becf815e8690a67cae3950abcd478

    SHA1

    6d3f7f7ec6ba591a0d7facd0ded47d6969a6b38d

    SHA256

    b370139dba2fbb30c67b3305dfbb522de52e6b2e44ec4c24308919246b79a7aa

    SHA512

    9d1126c783241948a234990079a6c34911db52b79171a771ad0c520ac7f79f4659c5aa8a2c569b36d9974dfd9b6329c653fbd0de66062c92e2850698b10343b9

  • memory/884-55-0x00000000002C0000-0x00000000002FE000-memory.dmp

    Filesize

    248KB

  • memory/884-64-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB

  • memory/2032-69-0x0000000000400000-0x00000000004BD000-memory.dmp

    Filesize

    756KB