Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9d16c414f0453e4d6501cff7f672b7e2a8753f1dfe683afda15fcc617d43f051

  • Size

    1.8MB

  • Sample

    230322-cexmgsgc51

  • MD5

    2ef375947885a7f4f8c9088c34942c55

  • SHA1

    6eb04e4b0ddd352b9890938a1d2d2654f56d8672

  • SHA256

    9d16c414f0453e4d6501cff7f672b7e2a8753f1dfe683afda15fcc617d43f051

  • SHA512

    f9b7de7bc896a2f6b05e63878291e49c4033a8b08d414458f59eadfccfae4f66b53c9c249ecb65bea59be45b20bf5fd35b7cfc9a1322b8929bcb7600e967ee26

  • SSDEEP

    49152:gtcImdkPe0AF4m0AHfWJ9Qw4XkiCAKuna6uFO/:gmdEH6c8WJ9QbXkDAKGuFS

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Target

      9d16c414f0453e4d6501cff7f672b7e2a8753f1dfe683afda15fcc617d43f051

    • Size

      1.8MB

    • MD5

      2ef375947885a7f4f8c9088c34942c55

    • SHA1

      6eb04e4b0ddd352b9890938a1d2d2654f56d8672

    • SHA256

      9d16c414f0453e4d6501cff7f672b7e2a8753f1dfe683afda15fcc617d43f051

    • SHA512

      f9b7de7bc896a2f6b05e63878291e49c4033a8b08d414458f59eadfccfae4f66b53c9c249ecb65bea59be45b20bf5fd35b7cfc9a1322b8929bcb7600e967ee26

    • SSDEEP

      49152:gtcImdkPe0AF4m0AHfWJ9Qw4XkiCAKuna6uFO/:gmdEH6c8WJ9QbXkDAKGuFS

    Score
    10/10
    laplasclipperpersistencestealer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

      stealerclipperlaplas

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks