laplas | 2289996f4a35a9b01273ba095e1df0802759f84fc4e3041c3a18591af9372c4f

Analysis

max time kernel
1s
max time network
124s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-03-2023 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24.exe
Size

8.6MB
MD5

fe2457d4da43adde492576a91398086e
SHA1

8c7c1efd47044f1d31cee78ea6c73df1a9296dea
SHA256

82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24
SHA512

b16fcdf02fe6e9f148d40cc04529840c98065bc2b69e144ff33e82c8285134b3e2c5e832c659132f8a99885e2b02589e2474f4d93b3bcef750ea1f2a64ffaf1a
SSDEEP

49152:pKnK6YN8UMtKNKogIHvueIxgfSZJxUu3INODRUgeCseICR7NWm8qpHakXvLQh0/o:on1YN8dKNcJxtISeCrXv0W/qpDRX5L

Score

10^/10

laplas redline fm clipper infostealer stealer

Malware Config

Extracted

Family

laplas

http://79.137.199.252

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Extracted

Family

redline

Botnet

91.193.43.63:81

Attributes

auth_value
686ed4f5bce1c0303019c1940beddd78

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1892	1760	WerFault.exe	30

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	5	Go-http-client/1.1

C:\Users\Admin\AppData\Local\Temp\82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24.exe
"C:\Users\Admin\AppData\Local\Temp\82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24.exe"
1⤵
PID:1852
- C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe
  "C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe"
  2⤵
  PID:872
- - C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    3⤵
    PID:1716
- C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe
  "C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe"
  2⤵
  PID:776
- - C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe
    "C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe"
    3⤵
    PID:904
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      4⤵
      PID:900
- - C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe
    "C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe"
    3⤵
    PID:1760
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
      4⤵
      PID:680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 116
      4⤵
      Program crash
      PID:1892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
252.4MB

MD5
872147c990551ec00d8392ef3d5e6328

SHA1
6cbdeeac5759c0904b01af3d3abbdc7a7396a4f9

SHA256
c5f6d3eeb582a0fd3116ea5fa2a5776e461d43f04cd536fba9a9c4894ff99762

SHA512
b19c75d7a3b44a7825036980ad7449c14a5c6c74bbed5a6acd776e645c4b89b9b074d75baa0e61f6fe7acefe199b32d4fdb444b3f44622e94679119f70c1cb14

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe

Filesize
4.8MB

MD5
b3492f2a3f077b285966e8190d95a7d9

SHA1
ac1ebd096d80a41f6ea19aff2607259183ac649a

SHA256
761b483f0c0322092784e53bfcbe66bfc95a4ce7fb7842a8b639629cfe5073f3

SHA512
d360296106253d9d525bd54a215a9aca815a665ba43eaa357e906428ee744f13f54fbfd9d07abb9cb621ef6a799a37bc7cf0fbff22022e31fe811abf8ed9dfea

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe

Filesize
4.8MB

MD5
b3492f2a3f077b285966e8190d95a7d9

SHA1
ac1ebd096d80a41f6ea19aff2607259183ac649a

SHA256
761b483f0c0322092784e53bfcbe66bfc95a4ce7fb7842a8b639629cfe5073f3

SHA512
d360296106253d9d525bd54a215a9aca815a665ba43eaa357e906428ee744f13f54fbfd9d07abb9cb621ef6a799a37bc7cf0fbff22022e31fe811abf8ed9dfea

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe

Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe

Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\c1.exe

Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe

Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\m1.exe

Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
275.4MB

MD5
af32aca7194e129894b45e2c975db0c1

SHA1
5a6377f315b3bcb665f59039307d28b37f5ff5e5

SHA256
c3541c84e29dbdcbd43e0cde9c0c67b760c307fcdbea231c9f4b0a59c04f436f

SHA512
3920e9c7006b2a0fe46bf5e62f7058a96ff366d91dfd9ecd38892de6af44a4db2608631b81a71e6caf616eb6779ac64af2340a92a392c69b92182b353d3b67f1

Download Submit
\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
261.6MB

MD5
2880ea352d3b5d9f3fe6fd39f981706c

SHA1
923ecbb436ea73876335c15f298d3e77a132c28b

SHA256
0c4af9574fe5fe278581061cddeab0c82ad085220db68719f5f56bb93a5208ef

SHA512
af55448de4e05526191d66a0ecb6ae454d41ed4f2e84e31bddc2f40f09b0af1a3be7b98e028bad8c505424e27c2fcd1fb1dfe0d727bee8555366308ab0f8e093

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\Shelds32.exe

Filesize
4.8MB

MD5
b3492f2a3f077b285966e8190d95a7d9

SHA1
ac1ebd096d80a41f6ea19aff2607259183ac649a

SHA256
761b483f0c0322092784e53bfcbe66bfc95a4ce7fb7842a8b639629cfe5073f3

SHA512
d360296106253d9d525bd54a215a9aca815a665ba43eaa357e906428ee744f13f54fbfd9d07abb9cb621ef6a799a37bc7cf0fbff22022e31fe811abf8ed9dfea

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\c1.exe

Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\c1.exe

Filesize
3.8MB

MD5
0a0b3aacdc321a1612d01e285993250b

SHA1
802205c8d1e0a1b6d203815df513fabb4948ad8c

SHA256
4b7b83c99991371b9756ff91ec07abfbbc1c0cc17caf422e6ecd062f2d84cf9a

SHA512
03c4bbe0778b5e839f8e2b09ab189676ef0ed40ee7d098c49575b63ea42bba82ba56dd88d7783e4c4970d20e13debfc5c27556513aac6811264c77211962eb62

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\f1.exe

Filesize
1.3MB

MD5
6fbb68ec3f04b2961b81c9c4bb591b18

SHA1
cc215398392070b62ac0edb951804f8c76630d08

SHA256
0ab25294685dfc422eb597698b11442e8cf4afb44bea0cd6305477f8a0f5d904

SHA512
189bc24be8bf4abd19ea4f2b8262a55b7e8665dc0d04474cf868b997ef31bb438813f1bdf87b4f54adafef7184b74ed943ca22ec027d05206beb2deb5bdf0e39

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe

Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
\Users\Admin\AppData\Roaming\configurationValue\m1.exe

Filesize
3.6MB

MD5
4fb7d752ce196cd847ec8bacd9c51906

SHA1
c3325b47ae7348d38c97157c7e8cfaeb4b2c4a52

SHA256
8dae0e9964e70eb34d55763bd6f4a23c08d0f253e1c07002e04d69025d8bc749

SHA512
a0c52c4c84f60d41ab8a2e9b779e2f81adc902c61c58546c6c745e4e9eb86d10d94d7a75f45c87f109c0bb6898f7af31f5504c750ac3f58b5d18d8998b5a3e83

Download Submit
memory/680-92-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/680-102-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/680-106-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/680-107-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/680-94-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/680-111-0x0000000000910000-0x0000000000950000-memory.dmp

Filesize
256KB

Download
memory/680-120-0x0000000000910000-0x0000000000950000-memory.dmp

Filesize
256KB

Download
memory/776-72-0x0000000000C40000-0x000000000111A000-memory.dmp

Filesize
4.9MB

Download
memory/900-93-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/900-91-0x0000000000400000-0x000000000056C000-memory.dmp

Filesize
1.4MB

Download
memory/1852-54-0x0000000001130000-0x00000000019DC000-memory.dmp

Filesize
8.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads