laplas | 33515cdbda7555aa1f75bb2ce9c3d20d4385f026decb2db39d8bc0518e00e8ca | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

33515cdbda7555aa1f75bb2ce9c3d20d4385f026decb2db39d8bc0518e00e8ca
Size

290KB
Sample

230319-ns5e2agb77
MD5

0b55cbc503ab5a3920302d06a3d32b5d
SHA1

5d316ed4ac8c03b38524fc01e78e7181ccccbb5b
SHA256

33515cdbda7555aa1f75bb2ce9c3d20d4385f026decb2db39d8bc0518e00e8ca
SHA512

84077405ce5cdad23fde89642281d5d978048f3ad568970e1bff59993ad2c022eaff2a250bfbc0a74fe8c2eea4c68f39bd7d854e4656866b9bf486308b50ae4d
SSDEEP

3072:2nUnLLQo1s4UK/z8B1ed7WUI5RfqmjuO5kAJ5Rf0JhjX:9nLLQeUK/Yed85Rf/kAdfuhr

Score

10^/10

laplas clipper discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

33515cdbda7555aa1f75bb2ce9c3d20d4385f026decb2db39d8bc0518e00e8ca.exe

Resource

win10v2004-20230220-en

laplas clipper discovery persistence spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  33515cdbda7555aa1f75bb2ce9c3d20d4385f026decb2db39d8bc0518e00e8ca
- Size
  
  290KB
- MD5
  
  0b55cbc503ab5a3920302d06a3d32b5d
- SHA1
  
  5d316ed4ac8c03b38524fc01e78e7181ccccbb5b
- SHA256
  
  33515cdbda7555aa1f75bb2ce9c3d20d4385f026decb2db39d8bc0518e00e8ca
- SHA512
  
  84077405ce5cdad23fde89642281d5d978048f3ad568970e1bff59993ad2c022eaff2a250bfbc0a74fe8c2eea4c68f39bd7d854e4656866b9bf486308b50ae4d
- SSDEEP
  
  3072:2nUnLLQo1s4UK/z8B1ed7WUI5RfqmjuO5kAJ5Rf0JhjX:9nLLQeUK/Yed85Rf/kAdfuhr
Score

10^/10

laplas clipper discovery persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy