General

  • Target

    b46481ba0ba92b4cf9306181a82bff5cd1f1213fd23fb73c01a5b46435c7bebc.zip

  • Size

    1.7MB

  • Sample

    230321-rzwcgsbc39

  • MD5

    7579e9586a08c38fe2542231a7d405fd

  • SHA1

    369fd2aef0af520d15ce44068ff8cda0237c8caf

  • SHA256

    0b5a11c6d54197c5d8416fe31269f1d4448dd7935adf53725ca31f07c98bbbe4

  • SHA512

    0dcbc7dd6cb8fd3418b38a29ba20df3f22341d224aaccd729cc3c8ec09789eac312df8005931877d5324751225078bfa6651c4e826b38418be089d9cc1e6f25c

  • SSDEEP

    49152:+LpH5gT1tt167MonMqkdAvKh2dnq9Svv2ymMf+vUa5f:el5g14MAMqkSKMw9SveV8+sE

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Target

      b46481ba0ba92b4cf9306181a82bff5cd1f1213fd23fb73c01a5b46435c7bebc.exe

    • Size

      1.9MB

    • MD5

      7e1ee04719bea1b532ed44609632ccd9

    • SHA1

      f6ad1ded616f8877cb34f873b3597aa6df50e957

    • SHA256

      b46481ba0ba92b4cf9306181a82bff5cd1f1213fd23fb73c01a5b46435c7bebc

    • SHA512

      0bbb7c9e68f27d05476a301ec95b0a3ee7ab46ab3e912adcb14bbe44015b07ef1668e076518076abf79c6b366a1d59f057553411383a263ab539786853bc2819

    • SSDEEP

      24576:prRWZ35JhqWpgXEC9CsacGA2XqHO4fOD22eAbFKhvb12pG5UojUsw1EyYMoPBETh:prsvJhS7Rj26H/fOyj1qG5UojUslMoJ

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
