Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    231KB

  • Sample

    230403-r9vtpsfd62

  • MD5

    ebb91f36dddcc249a0a99fe6c91b3327

  • SHA1

    46823571b6adc8278ae0031ee8843a67cb8eda47

  • SHA256

    42a55a367750fc5e5c7583b413d02166bd5fccfc48c124e35d650b1878f25bd9

  • SHA512

    ee575500efc7cab52802b5936dc92eb5effb157987b24fe3190957c69a544fd2c37016fa3a6e8c3f5cf79e90454290b71872f9453eeb4d1521302175fbe57460

  • SSDEEP

    3072:wXUhQztlGtv5H3IboGhDuqaoBHZ9AWoKIJaBnS0sztA4lmS/r+KWVOAg0FujDFkF:MzM54bisZ9ACIQBgz/ldnAOtsv

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    282dad126e565baaaf231822cab8d693912f9b76b528a6f568b2bac069b49e61

Targets

    • Target

      file.exe

    • Size

      231KB

    • MD5

      ebb91f36dddcc249a0a99fe6c91b3327

    • SHA1

      46823571b6adc8278ae0031ee8843a67cb8eda47

    • SHA256

      42a55a367750fc5e5c7583b413d02166bd5fccfc48c124e35d650b1878f25bd9

    • SHA512

      ee575500efc7cab52802b5936dc92eb5effb157987b24fe3190957c69a544fd2c37016fa3a6e8c3f5cf79e90454290b71872f9453eeb4d1521302175fbe57460

    • SSDEEP

      3072:wXUhQztlGtv5H3IboGhDuqaoBHZ9AWoKIJaBnS0sztA4lmS/r+KWVOAg0FujDFkF:MzM54bisZ9ACIQBgz/ldnAOtsv

    Score
    10/10
    laplasclipperpersistencestealer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

      stealerclipperlaplas

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks