General
-
Target
d75c660c2584891aa2072643e345c941.bin
-
Size
9.0MB
-
Sample
230317-jxmnkaha8z
-
MD5
ae5d3a04b23e473093ec586d594f5762
-
SHA1
1d4c3d1fe9b480736e415ae708167c4c7680adec
-
SHA256
385917c50e9e1956e4d22203100a6e6f9b3381042a119ecb91586e00a9a4b016
-
SHA512
623440d3e92605ab1733ef68d2792fb4a773674a1d18bff97c8773b17fc97f7395c844cd77f7954113126b7d86129fe9361372b709fd3f40f20379e2f1f2a184
-
SSDEEP
196608:m9DBMC6Fmo4S5xCdNhXxvYKSX1GBox5bVLVuhIwuofmYXQd9mifvaTGd:mvEFZ5xCdNjDSXMSPdV6hmY2tfvcQ
Malware Config
Extracted
laplas
http://193.233.20.134
-
api_key
57728dce0f7018e17faf9f061cb2d77048e08414376baf6d860b78e74e83c208
Targets
-
-
Target
11b80af6cb8bffedc46b7586644a29e9854ec440421926d7acd40e80b5ba08be.exe
-
Size
10.5MB
-
MD5
d75c660c2584891aa2072643e345c941
-
SHA1
cc3ed51870ecd89963428c4d3638c8a99d0ea991
-
SHA256
11b80af6cb8bffedc46b7586644a29e9854ec440421926d7acd40e80b5ba08be
-
SHA512
8a9ab5f164b7268ff56529c35bf97dccedff20f822e2a4daabc97e0af7cfd9f31593df440a337e6b9d84db60e5ed0be6f238545f367dada3012c54f4c61bd7d6
-
SSDEEP
196608:e+la0xOiukoEzn0quVFJ/ODw+lxihvwo:e+s0mDHVFo7Aw
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-