General
- Target: 83ef37848861e03de4de0eef1ae5d1ee1da1a9b95b4d2105158e32ef78202cd1
- Size: 295KB
- Sample: 230318-gqechade2z
- MD5: a7f60b88ac18611085f6e830fd7de8b8
- SHA1: a80bbc6dbaeb03c9ec802c85e0f0898f9707fc6e
- SHA256: 83ef37848861e03de4de0eef1ae5d1ee1da1a9b95b4d2105158e32ef78202cd1
- SHA512: 964bf24adcfed3d2c7e5ce64a7cf29b23058e7b530a4421a18cd7764713a6028d06b147ae588fcd2532395410c467ec73dc38152c5078d037ce6a89270e3064d
- SSDEEP: 3072:D5h7wrLHKWKbneGV5NV1nqJKf0e7yBIYdbJ9P4lIyX58a2tDKLu:zwrLHTKz7V5Nioa5bJ9AlILULu
Static task
- static1

Malware Config
Extracted
- Family: laplas
- URL: http://45.87.154.105
- api_key: 1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767
Targets
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.