Overview

overview

10

Static

static

1

Installer.exe

windows7-x64

10

Installer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-03-2023 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installer.exe

  • Size

    1.9MB

  • MD5

    78d8d347bab1cea911f9c841654acef0

  • SHA1

    81597af51260f0e810095374b3a997952dd67101

  • SHA256

    7c849ca7534ee84e5e769f3f84f6af78121bc4e45b9888d1fdbfedd338b7e606

  • SHA512

    77db0a76049cd38999753b7b7d0fb22ab6d5d5ae6727c2385526e2da5bdd7617e5a67f2e5419a06622a8e674ef810fa7cfe3d1bdefbb8a79253d890b07d39230

  • SSDEEP

    24576:YcOkrpxc/T6kiXls2hPSu/9h0rxJSAWI3Hlbgcgtoz9Le7+fC8US431Tgt/Ts:YXkrH0Wdf9yTRlbgcgq9Le7+fppw1T

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:264

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    762.9MB

    MD5

    8133d3a4a69282c7749dbdb748bf76f3

    SHA1

    4ffe650a4ed384be68b6ead1e1e1ee0ec0c7769a

    SHA256

    3e3d9699961f386463339062537cf7bd3533deb99d5c204c83f2e1fcd5ee5dc6

    SHA512

    0060694a1fe06b7bf4c0dcdd55172fcbca6c4ebd96a428b27c5a3ab897a2ef2b1b961e800b0be1c30137cba17f273828458a1b88247d1bb1ec7774c5d143dfe3

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    762.9MB

    MD5

    8133d3a4a69282c7749dbdb748bf76f3

    SHA1

    4ffe650a4ed384be68b6ead1e1e1ee0ec0c7769a

    SHA256

    3e3d9699961f386463339062537cf7bd3533deb99d5c204c83f2e1fcd5ee5dc6

    SHA512

    0060694a1fe06b7bf4c0dcdd55172fcbca6c4ebd96a428b27c5a3ab897a2ef2b1b961e800b0be1c30137cba17f273828458a1b88247d1bb1ec7774c5d143dfe3

    Download Submit

  • memory/264-148-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-149-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-157-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-142-0x0000000004C00000-0x0000000004FD0000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/264-143-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-144-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-145-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-147-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-156-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-155-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-150-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-151-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-152-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-153-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/264-154-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/1764-136-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/1764-134-0x0000000004C00000-0x0000000004FD0000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1764-140-0x0000000000400000-0x0000000002C98000-memory.dmp

    Filesize

    40.6MB

    Download