General
Target: 134d8a47c6f8fa3d99b60ce9e4faff2d.exe
Size: 296KB
Sample: 230317-swbpcaah5z
MD5: 134d8a47c6f8fa3d99b60ce9e4faff2d
SHA1: 9d102bfa660683be4d56e86eaca1050ceb2a42c0
SHA256: 34bb4acf55ee9866edad0f31075c09276dbb303b004b63a1ce00b3504e7c9bc3
SHA512: 01d61b5e070502ccd55ad6f1b8f61771555fc288f888bc3bf4acf5db42cb3213bae4587a9dd19ae0364680492f8ccf826f6009dd969ec477157cbb027f4226e2
SSDEEP: 6144:Gg1LJLpZH0ua7uqaLNeaqPYMDQ4BTfOieY:Gg19LpZVqeNVS3DQL
Static task: static1
Behavioral task: behavioral1
Sample: 134d8a47c6f8fa3d99b60ce9e4faff2d.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: laplas
C2: http://45.87.154.105
api_key: 1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767
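The hashes and the extracted C2 above are the indicators a responder actually works with. The following is an added example, not part of the sandbox report: it hashes a candidate file with the four algorithms the report lists and reports which digests match, and it checks whether a URL or host seen in proxy or DNS logs points at the extracted C2 host. SSDEEP is left out because it needs a third-party library; everything else is standard library.

```python
"""Added example (not from the sandbox report): check whether a file on disk
is the sample described in this report, and whether a URL or host seen in
logs matches the extracted laplas C2.

Only the hashes and C2 URL printed in the report are used; the SSDEEP value
is not compared because computing it needs a third-party library.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "134d8a47c6f8fa3d99b60ce9e4faff2d",
    "sha1": "9d102bfa660683be4d56e86eaca1050ceb2a42c0",
    "sha256": "34bb4acf55ee9866edad0f31075c09276dbb303b004b63a1ce00b3504e7c9bc3",
    "sha512": "01d61b5e070502ccd55ad6f1b8f61771555fc288f888bc3bf4acf5db42cb3213"
              "bae4587a9dd19ae0364680492f8ccf826f6009dd969ec477157cbb027f4226e2",
}
REPORT_C2 = "http://45.87.154.105"


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as hash_bytes, but streams the file so large samples stay out of RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(observed: dict, reference: dict = REPORT_HASHES) -> list:
    """Return the sorted names of the algorithms whose digest matches the reference.

    Comparison is case-insensitive because feeds and tools disagree on hex case.
    A partial match (say MD5 only) is returned as such rather than collapsed to
    a boolean: an MD5-only match on a tampered feed deserves a second look.
    """
    return sorted(
        name for name, digest in observed.items()
        if name in reference and digest.lower() == reference[name].lower()
    )


def matches_c2(url_or_host: str, c2: str = REPORT_C2) -> bool:
    """True if a URL or bare host[:port] from logs points at the extracted C2 host."""
    c2_host = urlsplit(c2).hostname
    # urlsplit only parses a host when a scheme or leading "//" is present.
    parts = urlsplit(url_or_host if "://" in url_or_host else "//" + url_or_host)
    return parts.hostname == c2_host


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        hit = match_hashes(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(hit) if hit else 'no match'}")
```

Run it as `python check_sample.py suspicious.exe` to confirm a quarantined file is this sample; a match on SHA256 or SHA512 alone is sufficient, while an MD5-only match should be treated as a collision or feed error until confirmed.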
Targets
Target: 134d8a47c6f8fa3d99b60ce9e4faff2d.exe (size and hashes as listed under General)
Signatures triggered by the behavioral task:
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
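Most of the signatures above can be recovered from endpoint telemetry once events are attributed to the sample's process tree. The following is an added example, not part of the sandbox report or of any vendor's rule set: it replays a constructed, Sysmon-like event stream and flags the Run-key write, the Uninstall-key enumeration, the country lookup, the execution of a file the sample itself dropped, and the deletion of the sample's own image. The event layout is a simplified stand-in for real Sysmon JSON, the sample records are invented for this example, and the `Control Panel\International\Geo` path used for the location rule is an assumption about where Windows keeps the configured country, not something the report states. "Downloads MZ/PE file", "Loads dropped DLL" and the wallet access are not modelled.

```python
"""Added example (not part of the sandbox report): attribute Sysmon-style
events to the sample's process tree and raise the report's signatures.

Constructed data: SAMPLE_EVENTS is invented for this example. Field names
(event, pid, ppid, image, path, key) are a simplified stand-in for Sysmon
JSON. GEO_KEY is an assumed registry location for the configured country.
"""
from typing import Dict, Iterable, List

# Constructed telemetry: the sample reads the Geo and Uninstall keys, drops and
# runs a payload that registers a Run key, then deletes its own file via cmd.exe.
# The explorer.exe events belong to an unrelated process tree.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "pid": 100, "ppid": 1, "image": r"C:\Users\u\Desktop\134d8a47c6f8fa3d99b60ce9e4faff2d.exe"},
    {"event": "RegistryQuery", "pid": 100, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "RegistryQuery", "pid": 100, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"event": "FileCreate", "pid": 100, "path": r"C:\Users\u\AppData\Roaming\svc\svc.exe"},
    {"event": "ProcessCreate", "pid": 200, "ppid": 100, "image": r"C:\Users\u\AppData\Roaming\svc\svc.exe"},
    {"event": "RegistrySet", "pid": 200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"event": "ProcessCreate", "pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe"},
    {"event": "FileDelete", "pid": 300, "path": r"C:\Users\u\Desktop\134d8a47c6f8fa3d99b60ce9e4faff2d.exe"},
    {"event": "ProcessCreate", "pid": 900, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"event": "RegistrySet", "pid": 900, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
]

# Registry substrings matched case-insensitively. The trailing backslash on
# RUN_KEY restricts it to the Run subkey; RunOnce is deliberately not covered.
RUN_KEY = "\\currentversion\\run\\"
UNINSTALL_KEY = "\\currentversion\\uninstall"
GEO_KEY = "\\control panel\\international\\geo"   # assumed location of the country setting


def detect(events: Iterable[Dict], root_pid: int) -> Dict[str, List[Dict]]:
    """Replay events in order and return {signature_name: [triggering events]}.

    Only the root process and its descendants are considered, so a Run-key
    write by an unrelated process (explorer.exe here) is not blamed on the sample.
    """
    tracked = {root_pid}
    root_image = None
    dropped = set()                      # file paths written by tracked processes
    hits: Dict[str, List[Dict]] = {}

    def hit(name: str, ev: Dict) -> None:
        hits.setdefault(name, []).append(ev)

    for ev in events:
        kind = ev["event"]
        if kind == "ProcessCreate":
            if ev["pid"] == root_pid:
                root_image = ev["image"].lower()
            elif ev["ppid"] in tracked:
                tracked.add(ev["pid"])   # descendants inherit attribution
                if ev["image"].lower() in dropped:
                    hit("Executes dropped EXE", ev)
            continue
        if ev["pid"] not in tracked:
            continue
        if kind == "FileCreate":
            dropped.add(ev["path"].lower())
        elif kind == "FileDelete" and ev["path"].lower() == root_image:
            hit("Deletes itself", ev)
        elif kind == "RegistrySet" and RUN_KEY in ev["key"].lower():
            hit("Adds Run key to start application", ev)
        elif kind == "RegistryQuery":
            key = ev["key"].lower()
            if UNINSTALL_KEY in key:
                hit("Checks installed software on the system", ev)
            elif GEO_KEY in key:
                hit("Checks computer location settings", ev)
    return hits


if __name__ == "__main__":
    for name, evs in detect(SAMPLE_EVENTS, root_pid=100).items():
        print(f"{name}: {len(evs)} event(s), first pid {evs[0]['pid']}")
```

The process-tree attribution is the part worth keeping: matching a Run-key write on its own fires on every legitimate installer, while the same write from a process that was itself started from a freshly dropped file under AppData is a much stronger signal. Note that rooting the same replay at explorer.exe (pid 900) raises only the Run-key signature, for its own OneDrive entry.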