General

  • Target

    9efdd8a1cb7e1456d448574f54fb0d0150b2cb00f85b5cb5e22bb851f7a2a933

  • Size

    1.9MB

  • Sample

    230318-lvcrpadh8t

  • MD5

    ca4dc2d2ba8f3879a4bac971c2b3a9f4

  • SHA1

    47875f7b9fdce32c7d45a34dd9d8993556fe5b45

  • SHA256

    9efdd8a1cb7e1456d448574f54fb0d0150b2cb00f85b5cb5e22bb851f7a2a933

  • SHA512

    018d0ef3cc3de428286199336e5214600a4a2c92e39443b7d4f5e30298bdbffb0a3acfa9a2b218b83496d535dd98aba47918708343c8e9d31ee26f09b42ef4c1

  • SSDEEP

    49152:XQ4npiAnaCcG7hETqhpI98BHFmxH8msDS5K:XQCpWWiqhpam2P

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Target

      9efdd8a1cb7e1456d448574f54fb0d0150b2cb00f85b5cb5e22bb851f7a2a933

    • Size

      1.9MB

    • MD5

      ca4dc2d2ba8f3879a4bac971c2b3a9f4

    • SHA1

      47875f7b9fdce32c7d45a34dd9d8993556fe5b45

    • SHA256

      9efdd8a1cb7e1456d448574f54fb0d0150b2cb00f85b5cb5e22bb851f7a2a933

    • SHA512

      018d0ef3cc3de428286199336e5214600a4a2c92e39443b7d4f5e30298bdbffb0a3acfa9a2b218b83496d535dd98aba47918708343c8e9d31ee26f09b42ef4c1

    • SSDEEP

      49152:XQ4npiAnaCcG7hETqhpI98BHFmxH8msDS5K:XQCpWWiqhpam2P

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks