laplas | e08ffdbd935971d2ad62d3ecdb736d34302a230485de662a7f6fab81f39df48b | Triage

Submit
Reports

Overview

overview

Static

static

1

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

1.3MB
Sample

230330-hbtdjsbc35
MD5

ceb62b6ac343ec808a818267e0ef4f6b
SHA1

d936107b1ebd5afe7c61db40c651c583b8b58487
SHA256

e08ffdbd935971d2ad62d3ecdb736d34302a230485de662a7f6fab81f39df48b
SHA512

88b4ed35a22a2dd19d3ee81f8dddfca9e2a871475ce965a5d0038612266d68fe2e50d9d53a89eba9d37f309c614eb218dfb25e75a20ac56ac54e753eca1c6a47
SSDEEP

24576:pYEtXdWl96ju5KGkcIGFI+kMixFDEHq55LOw:/Lg4sKG/IGFQXxZf55Lj

Score

10^/10

laplas stealc clipper discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20230220-en

laplas stealc clipper discovery persistence spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20230220-en

laplas stealc clipper discovery persistence spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://5.75.155.1/d522566a552de05d.php

Extracted

Family

laplas

C2

http://51.195.166.203

Attributes

api_key
b6fe9b83a8d3b268f74c16f34b6930cd2d2a47117a90beb53ffd773d00945a9e

Targets

- Target
  
  file.exe
- Size
  
  1.3MB
- MD5
  
  ceb62b6ac343ec808a818267e0ef4f6b
- SHA1
  
  d936107b1ebd5afe7c61db40c651c583b8b58487
- SHA256
  
  e08ffdbd935971d2ad62d3ecdb736d34302a230485de662a7f6fab81f39df48b
- SHA512
  
  88b4ed35a22a2dd19d3ee81f8dddfca9e2a871475ce965a5d0038612266d68fe2e50d9d53a89eba9d37f309c614eb218dfb25e75a20ac56ac54e753eca1c6a47
- SSDEEP
  
  24576:pYEtXdWl96ju5KGkcIGFI+kMixFDEHq55LOw:/Lg4sKG/IGFQXxZf55Lj
Score

10^/10

laplas stealc clipper discovery persistence spyware stealer
- Detects Stealc stealer
  stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

laplasstealcclipperdiscoverypersistencespywarestealer

behavioral2

laplasstealcclipperdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy