laplas | 2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54 | Triage

Sharing

General

Target

setup.exe
Size

1.9MB
Sample

230322-bfhz2sga3w
MD5

181cf5e5f39bbe387b3b985b826b16f1
SHA1

4de92a14f49359ed21c3ee0be536f3126eda37db
SHA256

2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54
SHA512

56acae12a3af47a0ac9cf7261e5e51e4f34fb37fed8026f3694ab013eed3c5a5898733ab0d8dc99294af8b1cd80348f75efc262697b7ccea4c69188a9eb7b6b8
SSDEEP

49152:TkLM27jaMzaTnmg4Gd+cauh5ZvumK3GVtoxRTGs:TGM2GMuCg4h05ZvpILRL

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

api_key
1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

- Target
  
  setup.exe
- Size
  
  1.9MB
- MD5
  
  181cf5e5f39bbe387b3b985b826b16f1
- SHA1
  
  4de92a14f49359ed21c3ee0be536f3126eda37db
- SHA256
  
  2f76513c2b7c8f967a70526fdcf1e5c7976a4a77496e81be277c71fbbfcc3f54
- SHA512
  
  56acae12a3af47a0ac9cf7261e5e51e4f34fb37fed8026f3694ab013eed3c5a5898733ab0d8dc99294af8b1cd80348f75efc262697b7ccea4c69188a9eb7b6b8
- SSDEEP
  
  49152:TkLM27jaMzaTnmg4Gd+cauh5ZvumK3GVtoxRTGs:TGM2GMuCg4h05ZvpILRL
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer