Overview

overview

10

Static

static

1

setup.exe

windows7-x64

10

setup.exe

windows10-2004-x64

10

Resubmissions

24-03-2023 20:03

230324-ys4tlsha78 10

23-03-2023 01:54

230323-cbjw8aeg4v 10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-03-2023 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup.exe

  • Size

    1.9MB

  • MD5

    c744e2d74b828c767877c52e125087af

  • SHA1

    444809a0b355b365fadc03e50ac577b1b1fa50eb

  • SHA256

    dccb7a134aae7970fc13ab3db3737b62b733ba33627945a1d5cdf61870ff4842

  • SHA512

    084e0f42ecb98a1915db1128a704a1650b07e7acffc4852cadc9684dfd643619e1668ab7ef83321483a2eaeadcd83e58379cd4db3e11a4085d74ee42bb095fff

  • SSDEEP

    49152:xKcn0Cjj3zONh6qrCf2TXEUPsNq3WVAThDWZaXQZh8:ocdDZqCIbPzWVyhDWZaXQZh

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes
  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:5116

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    740.9MB

    MD5

    071eb91db464687d83b7cf73d322b135

    SHA1

    3765d8e65b52296313a44dc771cc90dcdeb776d0

    SHA256

    da795ba108400403ed15e061596a03f747ee2e1474723ee5724a76c0955d5a53

    SHA512

    615b7298658788420105bff0b6c11b8a80ab6c34627813ff7d054ff27fa4684e184eb301e8826576e439316d535800f0c3d7c21ef35d9430fa76eef584b023a6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    740.9MB

    MD5

    071eb91db464687d83b7cf73d322b135

    SHA1

    3765d8e65b52296313a44dc771cc90dcdeb776d0

    SHA256

    da795ba108400403ed15e061596a03f747ee2e1474723ee5724a76c0955d5a53

    SHA512

    615b7298658788420105bff0b6c11b8a80ab6c34627813ff7d054ff27fa4684e184eb301e8826576e439316d535800f0c3d7c21ef35d9430fa76eef584b023a6

    Download Submit

  • memory/4696-134-0x0000000002540000-0x0000000002910000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/4696-139-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4696-140-0x0000000002540000-0x0000000002910000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/5116-146-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-144-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-145-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-142-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-147-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-149-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-151-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-152-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-153-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-154-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/5116-155-0x0000000000400000-0x0000000000803000-memory.dmp

    Filesize

    4.0MB

    Download