laplas | aacf8d390d8155217d2f3eb4a24229d4b0b6e7b69a88db1cdd2416ced097468b | Triage

Sharing

General

Target

aacf8d390d8155217d2f3eb4a24229d4b0b6e7b69a88db1cdd2416ced097468b
Size

1.8MB
Sample

230322-b2ws2aeb84
MD5

57af99b291e3c520d7f97f5dfeae538b
SHA1

9234ac2a21b99eeb0cab055d43dba526f4347b05
SHA256

aacf8d390d8155217d2f3eb4a24229d4b0b6e7b69a88db1cdd2416ced097468b
SHA512

3a7913a8ec25850c0ddf7432a6fa41e2e0ae07247e66138d58ceeeb66bc1cc33f051f2f2b2df09f5fc4e8a6efc1e64c746db6df020308a8ac6151d7cc86b6002
SSDEEP

49152:KaefEiciYyUKFrlDtvu8y9gkmFwOEA9MCVp+0w:KSiX1UKx9tvnHuOl5jS

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  aacf8d390d8155217d2f3eb4a24229d4b0b6e7b69a88db1cdd2416ced097468b
- Size
  
  1.8MB
- MD5
  
  57af99b291e3c520d7f97f5dfeae538b
- SHA1
  
  9234ac2a21b99eeb0cab055d43dba526f4347b05
- SHA256
  
  aacf8d390d8155217d2f3eb4a24229d4b0b6e7b69a88db1cdd2416ced097468b
- SHA512
  
  3a7913a8ec25850c0ddf7432a6fa41e2e0ae07247e66138d58ceeeb66bc1cc33f051f2f2b2df09f5fc4e8a6efc1e64c746db6df020308a8ac6151d7cc86b6002
- SSDEEP
  
  49152:KaefEiciYyUKFrlDtvu8y9gkmFwOEA9MCVp+0w:KSiX1UKx9tvnHuOl5jS
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer