Overview

overview

10

Static

static

1

406a0e14b6...e1.exe

windows7-x64

10

406a0e14b6...e1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-03-2023 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    406a0e14b6569ebc5f1086801e043fe1.exe

  • Size

    1.8MB

  • MD5

    406a0e14b6569ebc5f1086801e043fe1

  • SHA1

    b15c199f31dcddcd37f10f143b62f2ff998324c6

  • SHA256

    5502d7c1c81714b998f594e523274a828d919f69dc08bffde5fe118918a8f43b

  • SHA512

    f367e8c6a84192925cad8d7de697435220835de2068bf66fa6e29f59680ea4f74dc42b92a6ba16e27bd71194a4104c0a3e06ecd5a2e484473e8ec9669b1ae65a

  • SSDEEP

    49152:VJGty7g6F2SKtEjjbgitUonmkXhDbl0nXj5:VJzpF2SKtEjfBUChTm5

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\406a0e14b6569ebc5f1086801e043fe1.exe
    "C:\Users\Admin\AppData\Local\Temp\406a0e14b6569ebc5f1086801e043fe1.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:2460

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    711.4MB

    MD5

    826b446de76356c1e62329870e4f5d3e

    SHA1

    74a8b89c6cbbc7268c77f36c9f5799d86805466f

    SHA256

    8fc63a0faac0fb681ee2e513cf3d8c62384648e47d99316d80513ae6515efdaa

    SHA512

    10a5eff545023887203174160fe4ccfe9368fdd0d0e6ecc19a79723a39a094b09e2787a441e3d20748ea89afd1adcec3e7a1132071a522624c91eed71b04fad4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    705.5MB

    MD5

    4f150575584246449e72b019f0bbbc25

    SHA1

    e311c6a6aa850429e1f1940558285cb3d64b7820

    SHA256

    2f562f62cdd71fd76e1d23dc65b3f85e79173841ae2cdb6f2457bb22790960dc

    SHA512

    6dccdc94e1e7282abe2fc63451a4138733bb79c2b10cbead6d91854fd6d76bf85bf56b208a2f48887208254ec3b1f095f82eddf90ef4bd44fa589ef7ba88aca6

    Download Submit

  • memory/2132-134-0x0000000002850000-0x0000000002C20000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2132-136-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2132-139-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-144-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-142-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-146-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-147-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-148-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-149-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-152-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-153-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download

  • memory/2460-154-0x0000000000400000-0x0000000000893000-memory.dmp

    Filesize

    4.6MB

    Download