laplas | 57c55683cc7cd4675f6568f60a8177f627d62b247d85456db10a19badac61d3a | Triage

Sharing

General

Target

9fd8f6b9da8e8e845e6df797bf107adaae3a5cb45ce45819c18fdbfbaf3f76a5.zip
Size

1.7MB
Sample

230321-rzwcgsdc7x
MD5

79f580d9720806f54b99689660938778
SHA1

161357a775fce17d952fb6f9eb174b92c32c7a27
SHA256

57c55683cc7cd4675f6568f60a8177f627d62b247d85456db10a19badac61d3a
SHA512

ab7db9ec92696e1e45d437c9418ba809bcc2b471b7fb5b55741befc128a474c8d77622634b86333caad18b40c4a73e435c1a20aa6c596865e68ea1910ad663e5
SSDEEP

49152:krgvumFv1g7WLiH+5twKNTEiM12JuxDYx:krkucgKGer9GvmVx

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  9fd8f6b9da8e8e845e6df797bf107adaae3a5cb45ce45819c18fdbfbaf3f76a5.exe
- Size
  
  1.8MB
- MD5
  
  94ce1cdbccb31d0993990d8a5fbd34d8
- SHA1
  
  392bb3736fe7b5e45f808f69097ae422ebc5c018
- SHA256
  
  9fd8f6b9da8e8e845e6df797bf107adaae3a5cb45ce45819c18fdbfbaf3f76a5
- SHA512
  
  2525b7ac471490b61ab425c81c85956de1ff8d2a97787e95341bbd0f2047521183533495005eeefc427a30ec979e36421533696ecb7dadade57c13881294d7ab
- SSDEEP
  
  49152:rzmvpQccgreskIaAUgrqgHkrWIF994X5IBYr:rzOJtqgHkVoIB
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer