General

  • Target

    3505b429774620bffa85993478347e60589b048d5641404359f566931c1824c1

  • Size

    6.0MB

  • Sample

    230323-17dbbace2y

  • MD5

    bc65ec3faed25636ff149fcf1850855e

  • SHA1

    468ac57e84fcd934948dab935cfa3c196f23284a

  • SHA256

    3505b429774620bffa85993478347e60589b048d5641404359f566931c1824c1

  • SHA512

    9f4633330c4b35ae4f28ec7d914c90531ff35f985b1dfc9a2fd718d7b6788d55be3e39b86e6ba15703a50ea0c3ede2d1345c0553c5235b7af329d155e565cfa8

  • SSDEEP

    98304:FqSzFI+pzz3U/Yx2cpB/jn99IVaKrH8AuwWT3hRA6oO3w91d4+PfqaPtiLYEl8+T:FVi+d3U/4jzIVa48fwWTL7oO30d/3qMC

Malware Config

Extracted

Family

laplas

C2

http://212.113.106.172

Attributes
  • api_key

    a8f23fb9332db9a7947580ee498822bfe375b57ad7eb47370c7209509050c298

Targets

    • Laplas Clipper

Laplas Clipper is clipboard-hijacking malware: it watches the clipboard for cryptocurrency wallet addresses and swaps them for attacker-controlled addresses so that the victim's payment is redirected. Three variants are known, written in Golang, C#, and C++. The C2 URL and api_key listed under Malware Config were extracted from the embedded configuration of this sample.

    • Executes dropped EXE

    • Adds Run key to start application
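The swap behaviour described for Laplas Clipper can be spotted from the defender's side without knowing the malware's code. The following is an added example, not code from the report or from the Laplas family: a small detector that runs over a sequence of clipboard observations and flags a wallet address that is replaced, within a short window and without an observed user copy action, by a different address of the same currency. The event stream, the address patterns and the `source` field are all constructed assumptions; a real monitor would poll the clipboard and hook the copy keystroke.

```python
"""Heuristic detection of clipboard wallet-address swapping (clipper behaviour).

Added example, not code from the sandbox report or from the Laplas authors.
It models what a clipper does: the user copies a wallet address and the
malware silently replaces it with an attacker-controlled address of the same
currency. The events below are constructed; a real monitor would poll the
clipboard and record whether a user copy action (Ctrl+C / UI copy) was seen.
"""
import re
from dataclasses import dataclass

# Rough address shapes. Assumption: enough to classify currency, not to
# validate checksums (a real deployment would add bech32 / base58 checks).
ADDRESS_PATTERNS = {
    "btc": re.compile(r"^(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


@dataclass(frozen=True)
class ClipEvent:
    t: float      # seconds since the monitor started
    source: str   # "user" if a copy action was observed, otherwise "unknown"
    text: str     # clipboard contents after the change


def classify(text: str):
    """Return the currency name if `text` looks like a wallet address, else None."""
    for name, pat in ADDRESS_PATTERNS.items():
        if pat.match(text.strip()):
            return name
    return None


def detect_swaps(events, window=2.0):
    """Return (original, replacement, currency) for each suspicious swap.

    A swap is flagged when a clipboard value that is a wallet address is
    replaced, within `window` seconds and without an observed user copy
    action, by a *different* address of the *same* currency. That is the
    signature of a clipper; a user pasting a new address themselves is not.
    """
    findings = []
    prev = None
    for ev in events:
        cur = classify(ev.text)
        if prev is not None:
            pcur = classify(prev.text)
            if (pcur and cur == pcur and ev.text != prev.text
                    and ev.source != "user" and ev.t - prev.t <= window):
                findings.append((prev.text, ev.text, cur))
        prev = ev
    return findings


# Constructed sample: one silent BTC swap 300 ms after the user's copy,
# then benign activity (plain text, a user-driven ETH change, a repeat).
SAMPLE_EVENTS = [
    ClipEvent(0.0, "user", "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    ClipEvent(0.3, "unknown", "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"),
    ClipEvent(10.0, "user", "hello world"),
    ClipEvent(12.0, "user", "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"),
    ClipEvent(15.0, "user", "0x52908400098527886E0F7030069857D2E4169EE7"),
    ClipEvent(20.0, "user", "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"),
    ClipEvent(20.4, "unknown", "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"),
]


if __name__ == "__main__":
    for orig, repl, cur in detect_swaps(SAMPLE_EVENTS):
        print(f"[{cur}] clipboard swapped: {orig} -> {repl}")
```

The user-action check is what keeps the false-positive rate tolerable: the same address-to-address transition with `source == "user"` is an ordinary paste of a different recipient and is not reported. The window matters too, because clippers react to clipboard changes almost immediately, while a human changing their mind takes seconds.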

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Registry Run Keys / Startup Folder

    T1060 (1)  (v6 ID; this technique is T1547.001 in current ATT&CK)

Defense Evasion

  • Modify Registry

    T1112 (1)

Discovery

  • System Information Discovery

    T1082 (1)
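The Run-key persistence recorded above (T1060 / T1112) is the first thing to check on a host suspected of running this sample. The following is an added example, not part of the sandbox report: it parses the text that `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` prints on a Windows host and ranks each entry by two cheap indicators, a launch path under a user-writable directory and a system-binary name outside the Windows directory. The registry output is constructed for the example; the indicator lists and the triage rules are assumptions, not part of the report.

```python
r"""Triage of Run-key persistence entries from `reg query` output.

Added example, not part of the sandbox report. The report records that the
sample adds a Run key (T1060) and modifies the registry (T1112); this parses
the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
(or the HKLM equivalent) and ranks each entry. The sample output below is
constructed and does not describe this malware's actual file names.
"""
import re

# reg query prints the key path on its own line and each value as
# "<4 spaces><name><4 spaces><type><4 spaces><data>". Names may contain
# single spaces, so the separator is two or more spaces.
KEY_LINE = re.compile(r"^HKEY_[A-Z_]+\\")
VALUE_LINE = re.compile(r"^\s+(.+?)\s{2,}(REG_\w+)\s{2,}(.*)$")

# Assumed indicator lists (lowercase, backslash-delimited fragments).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe"}
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def executable_path(data: str) -> str:
    """Extract the launched executable from a Run value's data string."""
    data = data.strip()
    if data.startswith('"'):                 # "C:\path with spaces\x.exe" args
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r"(.*?\.exe)", data, re.IGNORECASE)   # C:\path\x.exe args
    return m.group(1) if m else data.split(" ")[0]


def parse_reg_query(text: str):
    """Return (key, value_name, executable) tuples from reg query output."""
    entries = []
    key = None
    for line in text.splitlines():
        if KEY_LINE.match(line):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            name, _type, data = m.groups()
            entries.append((key, name, executable_path(data)))
    return entries


def triage(entries):
    """Attach a list of reasons to each entry; an empty list means nothing odd."""
    results = []
    for key, name, exe in entries:
        low = exe.lower()
        reasons = []
        if any(frag in low for frag in USER_WRITABLE):
            reasons.append("user-writable location")
        base = low.rsplit("\\", 1)[-1]
        if base in SYSTEM_NAMES and not low.startswith(TRUSTED_DIRS):
            reasons.append("system binary name outside Windows dir")
        results.append({"key": key, "name": name, "exe": exe, "reasons": reasons})
    return results


# Constructed sample output: one benign AppData entry, one suspect entry,
# one entry under Program Files.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\alice\AppData\Roaming\svchost.exe
    Steam       REG_SZ    "C:\Program Files (x86)\Steam\steam.exe" -silent
"""


if __name__ == "__main__":
    for r in triage(parse_reg_query(SAMPLE_REG_OUTPUT)):
        flag = "; ".join(r["reasons"]) or "ok"
        print(f'{r["name"]:<10} {r["exe"]}  [{flag}]')
```

The user-writable check alone is noisy, since OneDrive, Discord and similar updaters legitimately live under AppData, which is why the output is a list of reasons rather than a verdict. For a positive match against this report, hash the flagged executable and compare it with the SHA256 listed under General; the entry name and path chosen by the dropper are not stated on this page and should not be assumed.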