General

  • Target

    79f92f15ae5abceeaf487bf041aec54d.bin

  • Size

    6.8MB

  • Sample

    230402-b378fsfc8t

  • MD5

    6663f32523b6302046514d05d9519885

  • SHA1

    fa619e54a7a295faee139a775abd57b5a33e6bb4

  • SHA256

    d6bded6019229818ccf6ee5bb74dd5eb73cbe05ccadd30793e31ea7393738d9f

  • SHA512

    6b3309592665cf7285b0c3d4fbbff84ee852a6360b5687f2514cd73995aa693ac197462adf7b7a3b26049f14d70f7c5237820dd485f31bb3249f3c5edc19f1d2

  • SSDEEP

    196608:0M9wNOwffGmepMefubAAZvGNmXsmNe0ZO:0M97w3vepdfubBZvqmXsAA

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    282dad126e565baaaf231822cab8d693912f9b76b528a6f568b2bac069b49e61

Targets

    • Target

      d79c7afdc8721f4f547c931ce6e0b20ac24193bdc63e4fee1e700e930199bc14.exe

    • Size

      7.2MB

    • MD5

      79f92f15ae5abceeaf487bf041aec54d

    • SHA1

      05cd320d0a7f52a3511c05e54360d4512fd4da57

    • SHA256

      d79c7afdc8721f4f547c931ce6e0b20ac24193bdc63e4fee1e700e930199bc14

    • SHA512

      36c65db2149eb8b43356982533e79749a715174cf220ae519861117eaebd239531b4dc6a6db303d06171dd43d2d4371d6be40b7ea6a1cf590d7f919f2148431f

    • SSDEEP

      196608:TOZKfeUTUAYVz1ayJz2kzxXuzg6CF9X2G:TYKmUzaz1BJ2oxXAg6CLX

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
