Resubmissions

24-03-2023 20:03

230324-ys4tlsha78 (score 10)

23-03-2023 01:54

230323-cbjw8aeg4v (score 10)

General

  • Target

    setup.exe

  • Size

    1.9MB

  • Sample

    230323-cbjw8aeg4v

  • MD5

    c744e2d74b828c767877c52e125087af

  • SHA1

    444809a0b355b365fadc03e50ac577b1b1fa50eb

  • SHA256

    dccb7a134aae7970fc13ab3db3737b62b733ba33627945a1d5cdf61870ff4842

  • SHA512

    084e0f42ecb98a1915db1128a704a1650b07e7acffc4852cadc9684dfd643619e1668ab7ef83321483a2eaeadcd83e58379cd4db3e11a4085d74ee42bb095fff

  • SSDEEP

    49152:xKcn0Cjj3zONh6qrCf2TXEUPsNq3WVAThDWZaXQZh8:ocdDZqCIbPzWVyhDWZaXQZh

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Target

      setup.exe

    • Size

      1.9MB

    • MD5

      c744e2d74b828c767877c52e125087af

    • SHA1

      444809a0b355b365fadc03e50ac577b1b1fa50eb

    • SHA256

      dccb7a134aae7970fc13ab3db3737b62b733ba33627945a1d5cdf61870ff4842

    • SHA512

      084e0f42ecb98a1915db1128a704a1650b07e7acffc4852cadc9684dfd643619e1668ab7ef83321483a2eaeadcd83e58379cd4db3e11a4085d74ee42bb095fff

    • SSDEEP

      49152:xKcn0Cjj3zONh6qrCf2TXEUPsNq3WVAThDWZaXQZh8:ocdDZqCIbPzWVyhDWZaXQZh

    • Laplas Clipper

      Laplas is a clipper: it watches the clipboard for cryptocurrency wallet addresses and swaps them for attacker-controlled ones, diverting payments. Three variants exist, written in Golang, C#, and C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

(IDs below are from ATT&CK v6; in current ATT&CK, T1060 has been replaced by T1547.001, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder. T1112 is unchanged.)

Persistence

  • Registry Run Keys / Startup Folder
    T1060 (1 signature)

Defense Evasion

  • Modify Registry
    T1112 (1 signature)
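The report's indicators (the sample hashes, the extracted C2 address and the Run-key persistence signature) turned into a small detection routine and run over log records, as an added example that is not part of the Triage report or of Laplas itself. The Sysmon-style events, the dropped-file path C:\Users\victim\AppData\Roaming\svc.exe and the Run value name "svc" are constructed for the demonstration; the report only states that a dropped EXE is executed and a Run key is added, not what it is called.

```python
"""Match the indicators from this Triage report against Sysmon-style events.

Added example: not the report's or Laplas' own code. The event records below
are constructed; the hashes and C2 address are taken from the report.
"""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "c744e2d74b828c767877c52e125087af",
    "sha1": "444809a0b355b365fadc03e50ac577b1b1fa50eb",
    "sha256": "dccb7a134aae7970fc13ab3db3737b62b733ba33627945a1d5cdf61870ff4842",
}
C2_HOST = "45.87.154.105"

# Run / RunOnce keys (T1060 in ATT&CK v6, T1547.001 today). Sysmon reports the
# key path with single backslashes; in the regex each "\\" matches one of them.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)


def file_hashes(data: bytes) -> dict:
    """Compute the same hash set the report lists, for comparing a local file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if the file content is the sample from the report (SHA256 match)."""
    return file_hashes(data)["sha256"] == SAMPLE_HASHES["sha256"]


def parse_sysmon_hashes(field: str) -> dict:
    """Sysmon 'Hashes' field ('SHA256=...,MD5=...') -> {'sha256': ..., 'md5': ...}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def evaluate(events) -> list:
    """Return (rule, image) hits for process, registry and network events."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 1:  # process creation: known-bad hash
            seen = parse_sysmon_hashes(ev.get("Hashes", ""))
            if any(seen.get(k) == v for k, v in SAMPLE_HASHES.items()):
                hits.append(("known_sample_hash", image))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("run_key_persistence", image))  # "Adds Run key"
        elif eid == 3 and ev.get("DestinationIp") == C2_HOST:
            hits.append(("laplas_c2_connection", image))  # extracted C2
    return hits


def correlate(hits) -> dict:
    """Images that triggered two or more distinct rules: high-confidence set."""
    by_image = {}
    for rule, image in hits:
        by_image.setdefault(image, set()).add(rule)
    return {img: rules for img, rules in by_image.items() if len(rules) >= 2}


# Constructed events. The dropped-file path and Run value name are assumptions.
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "Hashes": "SHA256=" + SAMPLE_HASHES["sha256"] + ",MD5=" + SAMPLE_HASHES["md5"]},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Roaming\svc.exe",
     "DestinationIp": C2_HOST, "DestinationPort": 80},
    # Benign noise that must not fire.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    found = evaluate(CONSTRUCTED_EVENTS)
    for rule, image in found:
        print(f"{rule:22s} {image}")
    print("high confidence:", correlate(found))
```

The Run-key rule is deliberately generic (any value written under Run/RunOnce) because the report does not name the value the sample creates; in production, pair it with the process-hash and C2 rules through `correlate` rather than alerting on every Run-key write, since installers legitimately write there too.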

Tasks