laplas | f49d931295e2da64727db9d3d867051232d54f0b2aad5c2cee896b40aa0e86fe | Triage

Submit
Reports

Overview

overview

Static

static

1

9735a5a688...50.exe

windows7-x64

9735a5a688...50.exe

windows10-2004-x64

Sharing

General

Target

9735a5a6882e9fe7578d745f8a693b50.exe
Size

1.3MB
Sample

230329-txhpqaha66
MD5

9735a5a6882e9fe7578d745f8a693b50
SHA1

2cb86a0a4cafc825bf413f057ce067da7f802f74
SHA256

f49d931295e2da64727db9d3d867051232d54f0b2aad5c2cee896b40aa0e86fe
SHA512

7b6ded7b2dd74f399006223f523c294a546f11af9c00b5958ce6ed6734c916688ea8a59d6e961e40a65b633859b74e9f7635e100f72c0004830704d4e8a1b01b
SSDEEP

24576:29Cv53II5kebo7w0AshMGqOI0LslSIpO4u6+/3:2EII5Vo7w3shHoSk+v

Score

10^/10

laplas stealc clipper discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9735a5a6882e9fe7578d745f8a693b50.exe

Resource

win7-20230220-en

laplas stealc clipper discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

9735a5a6882e9fe7578d745f8a693b50.exe

Resource

win10v2004-20230220-en

laplas stealc clipper discovery persistence spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://5.75.155.1/d522566a552de05d.php

Extracted

Family

laplas

C2

http://51.195.166.203

Attributes

api_key
b6fe9b83a8d3b268f74c16f34b6930cd2d2a47117a90beb53ffd773d00945a9e

Targets

- Target
  
  9735a5a6882e9fe7578d745f8a693b50.exe
- Size
  
  1.3MB
- MD5
  
  9735a5a6882e9fe7578d745f8a693b50
- SHA1
  
  2cb86a0a4cafc825bf413f057ce067da7f802f74
- SHA256
  
  f49d931295e2da64727db9d3d867051232d54f0b2aad5c2cee896b40aa0e86fe
- SHA512
  
  7b6ded7b2dd74f399006223f523c294a546f11af9c00b5958ce6ed6734c916688ea8a59d6e961e40a65b633859b74e9f7635e100f72c0004830704d4e8a1b01b
- SSDEEP
  
  24576:29Cv53II5kebo7w0AshMGqOI0LslSIpO4u6+/3:2EII5Vo7w3shHoSk+v
Score

10^/10

laplas stealc clipper discovery persistence spyware stealer
- Detects Stealc stealer
  stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

laplasstealcclipperdiscoverypersistencespywarestealer

behavioral2

laplasstealcclipperdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy