laplas | 82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24

Analysis

max time kernel
1s
max time network
128s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
21-03-2023 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe2457d4da43adde492576a91398086e.exe
Size

8.6MB
MD5

fe2457d4da43adde492576a91398086e
SHA1

8c7c1efd47044f1d31cee78ea6c73df1a9296dea
SHA256

82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24
SHA512

b16fcdf02fe6e9f148d40cc04529840c98065bc2b69e144ff33e82c8285134b3e2c5e832c659132f8a99885e2b02589e2474f4d93b3bcef750ea1f2a64ffaf1a
SSDEEP

49152:pKnK6YN8UMtKNKogIHvueIxgfSZJxUu3INODRUgeCseICR7NWm8qpHakXvLQh0/o:on1YN8dKNcJxtISeCrXv0W/qpDRX5L

Score

10^/10

laplas redline fm clipper infostealer stealer

Malware Config

Extracted

Family

laplas

http://79.137.199.252

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Extracted

Family

redline

Botnet

91.193.43.63:81

Attributes

auth_value
686ed4f5bce1c0303019c1940beddd78

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1680 1924 WerFault.exe f1.exe
1400 1244 WerFault.exe m1.exe
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.

Processes:

description flow ioc

HTTP User-Agent header 7 Go-http-client/1.1

pid	pid_target	process	target process
1680	1924	WerFault.exe	f1.exe
1400	1244	WerFault.exe	m1.exe

description	flow	ioc
HTTP User-Agent header	7	Go-http-client/1.1

C:\Users\Admin\AppData\Local\Temp\fe2457d4da43adde492576a91398086e.exe
"C:\Users\Admin\AppData\Local\Temp\fe2457d4da43adde492576a91398086e.exe"
1⤵
PID:2012

C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe"
2⤵
PID:1324

C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe"
3⤵
PID:1924

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
4⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 116
4⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe"
3⤵
PID:1244

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
4⤵
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 116
4⤵
- Program crash
PID:1400

C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe
"C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe"
2⤵
PID:1488

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
3⤵
PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
Filesize
56.1MB

MD5
642411f19d886c6c5ff3f2a61b050561

SHA1
cbac8127778ed13ca23d93c4c7410f87fdc013ae

SHA256
31ad1ee1dc59fe39da4aba89385df04309dec4917fb6635292867a07ae1c9d24

SHA512
0fb50e6da625d5dcc65bcef96e3a0007be530234bb5b27c64f8983b03bb7db3999f19b8a9c82546fa08d05555ae1f28579573ec3b0f14b2f40af8f95ecdcbbca

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe
Filesize
4.8MB

MD5
b3492f2a3f077b285966e8190d95a7d9

SHA1
ac1ebd096d80a41f6ea19aff2607259183ac649a

SHA256
761b483f0c0322092784e53bfcbe66bfc95a4ce7fb7842a8b639629cfe5073f3

SHA512
d360296106253d9d525bd54a215a9aca815a665ba43eaa357e906428ee744f13f54fbfd9d07abb9cb621ef6a799a37bc7cf0fbff22022e31fe811abf8ed9dfea

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe
Filesize
4.8MB

MD5
b3492f2a3f077b285966e8190d95a7d9

SHA1
ac1ebd096d80a41f6ea19aff2607259183ac649a

SHA256
761b483f0c0322092784e53bfcbe66bfc95a4ce7fb7842a8b639629cfe5073f3

SHA512
d360296106253d9d525bd54a215a9aca815a665ba43eaa357e906428ee744f13f54fbfd9d07abb9cb621ef6a799a37bc7cf0fbff22022e31fe811abf8ed9dfea

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe
Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe
Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe
Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
Filesize
54.2MB

MD5
cf430ff418bc5f05d2ee4bbff5ab3341

SHA1
570c51e89022ce8d7d4765a32e89073eecc15f65

SHA256
a9bf417661a53c9dfb04c32d72cfdf758d2929e8909534d6a424f5f5cfe4bbb1

SHA512
8b8d367ecb4fa3cf5c4413eff9fc1b3b51c395733cb76dbe65f422fda62065be12e0326c8e1f65910090c035039765c905c3c3101c3a32c246f4c1a2cca691cf

Download Submit
\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
Filesize
54.9MB

MD5
c44ed5e6e0b5a2ffa45bb9620faddae9

SHA1
c7fbe3d5b9d33385f2297e608a2c95bb8d33dfea

SHA256
cf9211f4f8eae2d04f927c58e42a21714aee7ff96a69af8c9e494dc090b59d65

SHA512
812f770b87719c6339c7e8c04eac0fadd0ee3872dab5480211d025cf22a42ed0c620c821c7d7dc9711197bae1477a1ccc7b62a7064c75fc7feff536ebf0c0ff3

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe
Filesize
4.8MB

MD5
b3492f2a3f077b285966e8190d95a7d9

SHA1
ac1ebd096d80a41f6ea19aff2607259183ac649a

SHA256
761b483f0c0322092784e53bfcbe66bfc95a4ce7fb7842a8b639629cfe5073f3

SHA512
d360296106253d9d525bd54a215a9aca815a665ba43eaa357e906428ee744f13f54fbfd9d07abb9cb621ef6a799a37bc7cf0fbff22022e31fe811abf8ed9dfea

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\c1.exe
Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\c1.exe
Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe
Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe
Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
memory/1324-71-0x0000000000A80000-0x0000000000F5A000-memory.dmp

Filesize
4.9MB

Download
memory/1548-94-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1548-130-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1548-92-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1548-118-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1548-125-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1548-126-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1548-127-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1588-108-0x0000000000090000-0x00000000000C2000-memory.dmp

Filesize
200KB

Download
memory/1588-101-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1588-93-0x0000000000090000-0x00000000000C2000-memory.dmp

Filesize
200KB

Download
memory/1588-480-0x0000000002180000-0x00000000021C0000-memory.dmp

Filesize
256KB

Download
memory/1588-801-0x0000000002180000-0x00000000021C0000-memory.dmp

Filesize
256KB

Download
memory/1588-91-0x0000000000090000-0x00000000000C2000-memory.dmp

Filesize
200KB

Download
memory/1588-105-0x0000000000090000-0x00000000000C2000-memory.dmp

Filesize
200KB

Download
memory/2012-54-0x0000000000A10000-0x00000000012BC000-memory.dmp

Filesize
8.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads