Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    134s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-03-2023 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76cc8757ee316be0f5df4dc50c3a037c80c973010bf14865530c6565ed9dd6cc.exe

  • Size

    1.9MB

  • MD5

    43c579b61538e72afa5307046c2f110d

  • SHA1

    b8c34206cec5c7993ec20c4bf6ce78c024179137

  • SHA256

    76cc8757ee316be0f5df4dc50c3a037c80c973010bf14865530c6565ed9dd6cc

  • SHA512

    3b4dfeea0d5c44bb419eba2a063d4ecee83862b2a06aae446b7a591c60bce93dfcd58c382a72d597a302ea12be3efa6711fb9791b34c85faed5867c3bef59d52

  • SSDEEP

    49152:TWtQzK/HdYuPKuWoUhjlT0O5Ch05Tjij:TLK/HSuPKuWZhjt0OQqJj6

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76cc8757ee316be0f5df4dc50c3a037c80c973010bf14865530c6565ed9dd6cc.exe
    "C:\Users\Admin\AppData\Local\Temp\76cc8757ee316be0f5df4dc50c3a037c80c973010bf14865530c6565ed9dd6cc.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:2552

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    703.0MB

    MD5

    43ca64080bef10ab9387c67b6a132729

    SHA1

    b052931cd625a38ccd5213434c2acaf155bb4bd5

    SHA256

    3790b73270dd6b70e1b70de4e030e80b2c860024b6b00b5642e3cc1bf1500ae3

    SHA512

    a32bce1b48bd6ce8a596172f2fca05976c0af6194fdbc23c2dff6db2a49db3b43953a087c2d5bff318abf84352380992d1718d64582ab50b0eeb68c1e3a35357

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    617.2MB

    MD5

    2129e5d0e5d652c7f76e5546e74a421f

    SHA1

    ae91d4e73dff9f6438f3621fbfb19cbc480fb038

    SHA256

    928c4f8a1fae87f99ea13dea2124546024d45745d9870f6901185e62abe07748

    SHA512

    ed19be1674767b5d1319baf77728218d4a8bfb1766b1e0416173959a2319a1f007b6b16d9d80ce2601d2551c306fc43972efcb09b0dca6894f40cc21a56d47a5

    Download Submit

  • memory/2236-122-0x0000000004DB0000-0x0000000005180000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2236-128-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-133-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-137-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-131-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-132-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-129-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-134-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-136-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-130-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-138-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-139-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-140-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-141-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-142-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/2552-143-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download