laplas | 2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29 | Triage

Sharing

General

Target

avicapn32.exe
Size

8.6MB
Sample

230318-zsn9lafg9s
MD5

8d7cf73ce0624c89820492186e81268e
SHA1

f43f83b11e6e4b850297443a30803f72cef99489
SHA256

2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29
SHA512

2bc53e07e6d5d6b4267430011943824590001d8c341a5ccffb2260fc26fa1693d4a146f27a26a579450f822c5998551dfda50814e0b24d4cba8c903ccd8289cd
SSDEEP

196608:dCFM0/NuKzJqwRCCuNhH8DuSHVKiPxtgDe/3jyAan7Ftnl+6+GVp7:KMMsA3U4t1HDOAI7T7

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://185.223.93.223

Attributes

api_key
afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34

Targets

- Target
  
  avicapn32.exe
- Size
  
  8.6MB
- MD5
  
  8d7cf73ce0624c89820492186e81268e
- SHA1
  
  f43f83b11e6e4b850297443a30803f72cef99489
- SHA256
  
  2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29
- SHA512
  
  2bc53e07e6d5d6b4267430011943824590001d8c341a5ccffb2260fc26fa1693d4a146f27a26a579450f822c5998551dfda50814e0b24d4cba8c903ccd8289cd
- SSDEEP
  
  196608:dCFM0/NuKzJqwRCCuNhH8DuSHVKiPxtgDe/3jyAan7Ftnl+6+GVp7:KMMsA3U4t1HDOAI7T7
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer