General
-
Target
fe2457d4da43adde492576a91398086e.bin
-
Size
2.7MB
-
Sample
230323-cgwszach69
-
MD5
b16f99ba4ab2ca385069272be7dc1713
-
SHA1
84d0ed143471c294a815304edf740163e67983c2
-
SHA256
2289996f4a35a9b01273ba095e1df0802759f84fc4e3041c3a18591af9372c4f
-
SHA512
276b3b6f784488568a37d660c4530d6550a5bdaa7fd8251d75fecd38840e1718ee19b8682545ec6d34b8920c9b83565f9965dc00fbbd9caa8a12cb63a0780044
-
SSDEEP
49152:zx4axTMWvYzO1MNUCziH5UItbG5o7VpriLks5C/ZaTohcS6jlooSUJA5dRhDQa7o:zaaxLeOONUCzOyM+o7DmLD4U3S0J6RhM
Malware Config
Extracted
laplas
http://79.137.199.252
-
api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Extracted
redline
FM
91.193.43.63:81
-
auth_value
686ed4f5bce1c0303019c1940beddd78
Targets
-
-
Target
82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24.exe
-
Size
8.6MB
-
MD5
fe2457d4da43adde492576a91398086e
-
SHA1
8c7c1efd47044f1d31cee78ea6c73df1a9296dea
-
SHA256
82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24
-
SHA512
b16fcdf02fe6e9f148d40cc04529840c98065bc2b69e144ff33e82c8285134b3e2c5e832c659132f8a99885e2b02589e2474f4d93b3bcef750ea1f2a64ffaf1a
-
SSDEEP
49152:pKnK6YN8UMtKNKogIHvueIxgfSZJxUu3INODRUgeCseICR7NWm8qpHakXvLQh0/o:on1YN8dKNcJxtISeCrXv0W/qpDRX5L
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-