Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19-03-2023 20:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ca3dbb5395f00dd3e6a76add2069626e3db6222be3b8bba9a29444c5960f47f.exe

  • Size

    1.9MB

  • MD5

    aa3321fbcbc033da9e097aacf740fdc5

  • SHA1

    e9ecea40f56118e22d2d2bd53588d53804b2e91f

  • SHA256

    4ca3dbb5395f00dd3e6a76add2069626e3db6222be3b8bba9a29444c5960f47f

  • SHA512

    f8459386d1ec1151b1217587111a14584e2cf3086f2895e9c6ec67a3d50df93d20213e482999895ff9d0f58b3b9311254457a21fd15e14995cba5726758a7caa

  • SSDEEP

    49152:6mylYU6zFfVEiRKX5+7zYNdaHMufOS40NxTmClzh/:6mygzF9tgXU/YvFGOS40NBm8h

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ca3dbb5395f00dd3e6a76add2069626e3db6222be3b8bba9a29444c5960f47f.exe
    "C:\Users\Admin\AppData\Local\Temp\4ca3dbb5395f00dd3e6a76add2069626e3db6222be3b8bba9a29444c5960f47f.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1804
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:3124

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    785.9MB

    MD5

    3310c72f0464c3f0b554849b40f02991

    SHA1

    fd9f2cd644cf59cbbc32fec367f3346146c09e7d

    SHA256

    ef315910696d806d19d87141268168e6913a5230fb1e0685da4802387c500213

    SHA512

    ac045b4f61564de1dc98a379d34818cf6f8b543587f20d968ebce04d27e2f1bb6eb4fccab38421d1d2e4b1057fd35b3204237bf00f591105f2116ad43ecedc93

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    727.4MB

    MD5

    0c19ec9f952f5ceac403b662c06ef825

    SHA1

    9eb5b8ce8abc800e14d8c2eee7b93d95f9c9c4bd

    SHA256

    e2e15d53afe73ed80a2e0cf38a0ab457b23a0a5dc408b4bdbfc623a5365b6d4f

    SHA512

    05ff2de698ce3a37b022c7b0d5e4d73fd2c33df8ab803cf7c566fcbfa7f19cc99555a1efeac90bc07cb64be33d45e2d3f86f90aa2b6a725a9af2ea39f3a6a0fa

    Download Submit

  • memory/1804-121-0x0000000004B90000-0x0000000004F60000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/1804-127-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-133-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-136-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-130-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-132-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-128-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-134-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-135-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-129-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-137-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-138-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-139-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-140-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-141-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download

  • memory/3124-142-0x0000000000400000-0x0000000002C8E000-memory.dmp

    Filesize

    40.6MB

    Download