General
-
Target
52c2aab5db064589215ff940a3d4863df4139023e1964e83c9042dbeb0910c4c
-
Size
245KB
-
Sample
230317-fna2maec98
-
MD5
deb575fb7d7965416ce0c28c5c08d201
-
SHA1
3f7fba1ef1a4e11352b5c6171110a7b9a378ad65
-
SHA256
52c2aab5db064589215ff940a3d4863df4139023e1964e83c9042dbeb0910c4c
-
SHA512
69d37e4bcc13246b77392ae732cf8544050f40ef81f4712d6927c76a71a0d07dea974200d16bdf871336d9c73430623b64d9fba38be2364727ca8be2d53fe470
-
SSDEEP
3072:301D+S3DgYifHrp+HVS+zQ/4GlLEER5uJ1SLUaTUafmIBprSM4asZVJV4n/fhVG8:ADRsrpSDc1TyCUaYZmgasHJV4nnh44J
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172
Targets
-
-
Target
52c2aab5db064589215ff940a3d4863df4139023e1964e83c9042dbeb0910c4c
-
Size
245KB
-
MD5
deb575fb7d7965416ce0c28c5c08d201
-
SHA1
3f7fba1ef1a4e11352b5c6171110a7b9a378ad65
-
SHA256
52c2aab5db064589215ff940a3d4863df4139023e1964e83c9042dbeb0910c4c
-
SHA512
69d37e4bcc13246b77392ae732cf8544050f40ef81f4712d6927c76a71a0d07dea974200d16bdf871336d9c73430623b64d9fba38be2364727ca8be2d53fe470
-
SSDEEP
3072:301D+S3DgYifHrp+HVS+zQ/4GlLEER5uJ1SLUaTUafmIBprSM4asZVJV4n/fhVG8:ADRsrpSDc1TyCUaYZmgasHJV4nnh44J
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-