laplas | 9fd8f6b9da8e8e845e6df797bf107adaae3a5cb45ce45819c18fdbfbaf3f76a5 | Triage

Sharing

General

Target

setup.exe
Size

1.8MB
Sample

230320-n4lgasdd44
MD5

94ce1cdbccb31d0993990d8a5fbd34d8
SHA1

392bb3736fe7b5e45f808f69097ae422ebc5c018
SHA256

9fd8f6b9da8e8e845e6df797bf107adaae3a5cb45ce45819c18fdbfbaf3f76a5
SHA512

2525b7ac471490b61ab425c81c85956de1ff8d2a97787e95341bbd0f2047521183533495005eeefc427a30ec979e36421533696ecb7dadade57c13881294d7ab
SSDEEP

49152:rzmvpQccgreskIaAUgrqgHkrWIF994X5IBYr:rzOJtqgHkVoIB

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  setup.exe
- Size
  
  1.8MB
- MD5
  
  94ce1cdbccb31d0993990d8a5fbd34d8
- SHA1
  
  392bb3736fe7b5e45f808f69097ae422ebc5c018
- SHA256
  
  9fd8f6b9da8e8e845e6df797bf107adaae3a5cb45ce45819c18fdbfbaf3f76a5
- SHA512
  
  2525b7ac471490b61ab425c81c85956de1ff8d2a97787e95341bbd0f2047521183533495005eeefc427a30ec979e36421533696ecb7dadade57c13881294d7ab
- SSDEEP
  
  49152:rzmvpQccgreskIaAUgrqgHkrWIF994X5IBYr:rzOJtqgHkVoIB
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer