General

  • Target

    e78b816c45b724995d96bbfef7eef35189f357836b0b47454e0f6dfd3be06d8d

  • Size

    1.9MB

  • Sample

    230318-g9l7fsde6z

  • MD5

    e9459c4e90448a2078dded1a0743d268

  • SHA1

    86b674b3620b68f6d8148f8bee741611e6d5c0ff

  • SHA256

    e78b816c45b724995d96bbfef7eef35189f357836b0b47454e0f6dfd3be06d8d

  • SHA512

    f23c95d20fe12d144952864e9e0a4ae8e1e94d7354b62d8403bee2ddbc60aad859597d2ea93ce9a805ddefa58baa5ef0ce512f303e987f1ea3526d70ca6bc0f8

  • SSDEEP

    49152:b/YZkFrrWpK00q9ClYsdEIDv9ozUi3hOXFdPlqNB0C1FT:b/MkprIK0ifxD1hiRaEF

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Target

      e78b816c45b724995d96bbfef7eef35189f357836b0b47454e0f6dfd3be06d8d

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Executes dropped EXE

    • Adds Run key to start application
