laplas | 7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6 | Triage

Sharing

General

Target

c1378f7991f51df8a693533c12d87b77.exe
Size

297KB
Sample

230331-tdxdrsbc73
MD5

c1378f7991f51df8a693533c12d87b77
SHA1

a158c289e1f6016dbb9f31924e7bf3879f09653f
SHA256

7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6
SHA512

7537668e6851d415dbf2635aee2daff4348664ee16bb58e2d14f8fcb6b8f314ec1a65c7286341012727a1902e1f31b71c6a9dd00c9cd4be6b03d248f9deb68d7
SSDEEP

3072:0n7mRSVeIn8O9iyGvSzQb6SEZ5Q3tmsvL88dXa23CcxsD4zpS9uSRh5qHeNNrAjp:AQkTiyGvSzhsvL8K3Cv4g9vh0Gof

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
282dad126e565baaaf231822cab8d693912f9b76b528a6f568b2bac069b49e61

Targets

- Target
  
  c1378f7991f51df8a693533c12d87b77.exe
- Size
  
  297KB
- MD5
  
  c1378f7991f51df8a693533c12d87b77
- SHA1
  
  a158c289e1f6016dbb9f31924e7bf3879f09653f
- SHA256
  
  7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6
- SHA512
  
  7537668e6851d415dbf2635aee2daff4348664ee16bb58e2d14f8fcb6b8f314ec1a65c7286341012727a1902e1f31b71c6a9dd00c9cd4be6b03d248f9deb68d7
- SSDEEP
  
  3072:0n7mRSVeIn8O9iyGvSzQb6SEZ5Q3tmsvL88dXa23CcxsD4zpS9uSRh5qHeNNrAjp:AQkTiyGvSzhsvL8K3Cv4g9vh0Gof
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2