Overview

overview

10

Static

static

1

7ab2228581...f6.exe

windows7-x64

10

7ab2228581...f6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c1378f7991f51df8a693533c12d87b77.bin

  • Size

    203KB

  • Sample

    230402-cfb26sfd6w

  • MD5

    30427d28630a2782012013bc6df2264f

  • SHA1

    5d1d045c19e38fe837dfae7e5b78cf59ba2c6794

  • SHA256

    26c995530de0bd37914392b2ebb46cacb8f873415d1155703ebfcbef0a953fb6

  • SHA512

    bce2b4cb42dfeaaffba5ee1c7e8acfd7b98fce84eab059e988fcaef5359601d59779dd72c846bf9c580d4afec94c5359d4b196dcf4fb57fa8dbf65413ec9a05e

  • SSDEEP

    6144:VitukEfb4g2djz1dp68UYSoSUQ/94+373xjN9:Vitn+bsj5lcr/ZLhH

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    282dad126e565baaaf231822cab8d693912f9b76b528a6f568b2bac069b49e61

Targets

    • Target

      7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6.exe

    • Size

      297KB

    • MD5

      c1378f7991f51df8a693533c12d87b77

    • SHA1

      a158c289e1f6016dbb9f31924e7bf3879f09653f

    • SHA256

      7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6

    • SHA512

      7537668e6851d415dbf2635aee2daff4348664ee16bb58e2d14f8fcb6b8f314ec1a65c7286341012727a1902e1f31b71c6a9dd00c9cd4be6b03d248f9deb68d7

    • SSDEEP

      3072:0n7mRSVeIn8O9iyGvSzQb6SEZ5Q3tmsvL88dXa23CcxsD4zpS9uSRh5qHeNNrAjp:AQkTiyGvSzhsvL8K3Cv4g9vh0Gof

    Score
    10/10
    laplasclipperpersistencestealer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

      stealerclipperlaplas

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks