General
-
Target
sdax.exe
-
Size
725.8MB
-
Sample
230331-1nfmbsdf96
-
MD5
0207380aa8e83e8aaf7a7defc60ddd6e
-
SHA1
ceb93d22de83ad1c993096c12e66929a605c013c
-
SHA256
74e2e74a0115644594768d827af3b6bf70190be406fc783e78133e7b42498b50
-
SHA512
cef4a45b7b9c73e66f6c901267a8b9edb71e0bcad150ab82afb50ef892a5cc4b06c50522f74c29818cd83e0049b116044f33a0921ffe1e741ab1ba67cdb0019f
-
SSDEEP
98304:udcR2OyrVRPLlO/otpGnOYwxR7hv88+MqgtJjKniUDsMsqAnqCN7hmP:ueVyrLg/onGl9pMbtJjKiOpAqCN7h8
Malware Config
Extracted
laplas
http://212.113.106.172
-
api_key
a8f23fb9332db9a7947580ee498822bfe375b57ad7eb47370c7209509050c298
Targets
-
-
Target
sdax.exe
-
Size
725.8MB
-
MD5
0207380aa8e83e8aaf7a7defc60ddd6e
-
SHA1
ceb93d22de83ad1c993096c12e66929a605c013c
-
SHA256
74e2e74a0115644594768d827af3b6bf70190be406fc783e78133e7b42498b50
-
SHA512
cef4a45b7b9c73e66f6c901267a8b9edb71e0bcad150ab82afb50ef892a5cc4b06c50522f74c29818cd83e0049b116044f33a0921ffe1e741ab1ba67cdb0019f
-
SSDEEP
98304:udcR2OyrVRPLlO/otpGnOYwxR7hv88+MqgtJjKniUDsMsqAnqCN7hmP:ueVyrLg/onGl9pMbtJjKiOpAqCN7h8
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-