Overview

overview

10

Static

static

1

VoiceContr...ne.exe

windows7-x64

3

VoiceContr...ne.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VoiceControlEngine.exe

  • Size

    5.9MB

  • Sample

    230406-qeznqsfa9t

  • MD5

    aa57f0d7a099773175006624cc891b29

  • SHA1

    44598d94dac6e9c72ffe65f9e17cf77c2c73e6fe

  • SHA256

    6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f

  • SHA512

    e0fff8e7d8de1dc5b3d84bdea90828f9739499183aabb11eb5b7600af132f8fa0569bc49d4ca21ec5df925482ec2149d0134a88a4e8a632cb0326444a6bc31b0

  • SSDEEP

    98304:5fsK1JWzYls9x4CwqEZSK84oBfrNy+yvsHrj0XXrmca/mDU9vf2eESEGMeNR:hbJWzY4x4Tq7Kx4ybsHEnrmyg9vsSEps

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Targets

    • Target

      VoiceControlEngine.exe

    • Size

      5.9MB

    • MD5

      aa57f0d7a099773175006624cc891b29

    • SHA1

      44598d94dac6e9c72ffe65f9e17cf77c2c73e6fe

    • SHA256

      6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f

    • SHA512

      e0fff8e7d8de1dc5b3d84bdea90828f9739499183aabb11eb5b7600af132f8fa0569bc49d4ca21ec5df925482ec2149d0134a88a4e8a632cb0326444a6bc31b0

    • SSDEEP

      98304:5fsK1JWzYls9x4CwqEZSK84oBfrNy+yvsHrj0XXrmca/mDU9vf2eESEGMeNR:hbJWzY4x4Tq7Kx4ybsHEnrmyg9vsSEps

    Score
    10/10
    laplasclipperpersistencestealer

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

      stealerclipperlaplas

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks