laplas | 0b5a11c6d54197c5d8416fe31269f1d4448dd7935adf53725ca31f07c98bbbe4 | Triage

Sharing

General

Target

b46481ba0ba92b4cf9306181a82bff5cd1f1213fd23fb73c01a5b46435c7bebc.zip
Size

1.7MB
Sample

230321-rzwcgsbc39
MD5

7579e9586a08c38fe2542231a7d405fd
SHA1

369fd2aef0af520d15ce44068ff8cda0237c8caf
SHA256

0b5a11c6d54197c5d8416fe31269f1d4448dd7935adf53725ca31f07c98bbbe4
SHA512

0dcbc7dd6cb8fd3418b38a29ba20df3f22341d224aaccd729cc3c8ec09789eac312df8005931877d5324751225078bfa6651c4e826b38418be089d9cc1e6f25c
SSDEEP

49152:+LpH5gT1tt167MonMqkdAvKh2dnq9Svv2ymMf+vUa5f:el5g14MAMqkSKMw9SveV8+sE

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  b46481ba0ba92b4cf9306181a82bff5cd1f1213fd23fb73c01a5b46435c7bebc.exe
- Size
  
  1.9MB
- MD5
  
  7e1ee04719bea1b532ed44609632ccd9
- SHA1
  
  f6ad1ded616f8877cb34f873b3597aa6df50e957
- SHA256
  
  b46481ba0ba92b4cf9306181a82bff5cd1f1213fd23fb73c01a5b46435c7bebc
- SHA512
  
  0bbb7c9e68f27d05476a301ec95b0a3ee7ab46ab3e912adcb14bbe44015b07ef1668e076518076abf79c6b366a1d59f057553411383a263ab539786853bc2819
- SSDEEP
  
  24576:prRWZ35JhqWpgXEC9CsacGA2XqHO4fOD22eAbFKhvb12pG5UojUsw1EyYMoPBETh:prsvJhS7Rj26H/fOyj1qG5UojUslMoJ
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer