General
-
Target
c1378f7991f51df8a693533c12d87b77.bin
-
Size
203KB
-
Sample
230402-cfb26sfd6w
-
MD5
30427d28630a2782012013bc6df2264f
-
SHA1
5d1d045c19e38fe837dfae7e5b78cf59ba2c6794
-
SHA256
26c995530de0bd37914392b2ebb46cacb8f873415d1155703ebfcbef0a953fb6
-
SHA512
bce2b4cb42dfeaaffba5ee1c7e8acfd7b98fce84eab059e988fcaef5359601d59779dd72c846bf9c580d4afec94c5359d4b196dcf4fb57fa8dbf65413ec9a05e
-
SSDEEP
6144:VitukEfb4g2djz1dp68UYSoSUQ/94+373xjN9:Vitn+bsj5lcr/ZLhH
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
282dad126e565baaaf231822cab8d693912f9b76b528a6f568b2bac069b49e61
Targets
-
-
Target
7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6.exe
-
Size
297KB
-
MD5
c1378f7991f51df8a693533c12d87b77
-
SHA1
a158c289e1f6016dbb9f31924e7bf3879f09653f
-
SHA256
7ab2228581a86441739dfb6f4e8057cd220abdabe13fa2f2a8d9ee904e5612f6
-
SHA512
7537668e6851d415dbf2635aee2daff4348664ee16bb58e2d14f8fcb6b8f314ec1a65c7286341012727a1902e1f31b71c6a9dd00c9cd4be6b03d248f9deb68d7
-
SSDEEP
3072:0n7mRSVeIn8O9iyGvSzQb6SEZ5Q3tmsvL88dXa23CcxsD4zpS9uSRh5qHeNNrAjp:AQkTiyGvSzhsvL8K3Cv4g9vh0Gof
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-