Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54

  • Size

    1.9MB

  • Sample

    230321-tz4pzaea2w

  • MD5

    181cf5e5f39bbe387b3b985b826b16f1

  • SHA1

    4de92a14f49359ed21c3ee0be536f3126eda37db

  • SHA256

    2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54

  • SHA512

    56acae12a3af47a0ac9cf7261e5e51e4f34fb37fed8026f3694ab013eed3c5a5898733ab0d8dc99294af8b1cd80348f75efc262697b7ccea4c69188a9eb7b6b8

  • SSDEEP

    49152:TkLM27jaMzaTnmg4Gd+cauh5ZvumK3GVtoxRTGs:TGM2GMuCg4h05ZvpILRL

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Target

      2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54

    • Size

      1.9MB

    • MD5

      181cf5e5f39bbe387b3b985b826b16f1

    • SHA1

      4de92a14f49359ed21c3ee0be536f3126eda37db

    • SHA256

      2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54

    • SHA512

      56acae12a3af47a0ac9cf7261e5e51e4f34fb37fed8026f3694ab013eed3c5a5898733ab0d8dc99294af8b1cd80348f75efc262697b7ccea4c69188a9eb7b6b8

    • SSDEEP

      49152:TkLM27jaMzaTnmg4Gd+cauh5ZvumK3GVtoxRTGs:TGM2GMuCg4h05ZvpILRL

    Score
    10/10
    laplasclipperpersistencestealer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

      stealerclipperlaplas

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks