laplas | e12cb9ff71c0ab867bd5f393e52e5dd1654905d19f2dc55ca5ed99b5ec079e22 | Triage

Sharing

General

Target

aa57f0d7a099773175006624cc891b29.bin
Size

5.3MB
Sample

230408-cpbg1abe26
MD5

ab16ccaf08d4fcc13674e8279333bfe4
SHA1

47c8909f1124e62cde06b52f0eba81744b11928f
SHA256

e12cb9ff71c0ab867bd5f393e52e5dd1654905d19f2dc55ca5ed99b5ec079e22
SHA512

81b7d113796f54ab4beb6aba202035a58cade57d802c467f313a51bd1a56b68614499044ad86b30622c87bdb56ba55e727c28ebe27765b3c7b5354cfb6279745
SSDEEP

98304:vnagCu/4r5D3D8IfWGJD8HispQWLlD4arlaxpOFitdv8k7R8uQU32klA2qck:igCugN8Iftd8Cs+WRzrciFO8k1b93HlS

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Targets

- Target
  
  6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f.exe
- Size
  
  5.9MB
- MD5
  
  aa57f0d7a099773175006624cc891b29
- SHA1
  
  44598d94dac6e9c72ffe65f9e17cf77c2c73e6fe
- SHA256
  
  6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f
- SHA512
  
  e0fff8e7d8de1dc5b3d84bdea90828f9739499183aabb11eb5b7600af132f8fa0569bc49d4ca21ec5df925482ec2149d0134a88a4e8a632cb0326444a6bc31b0
- SSDEEP
  
  98304:5fsK1JWzYls9x4CwqEZSK84oBfrNy+yvsHrj0XXrmca/mDU9vf2eESEGMeNR:hbJWzY4x4Tq7Kx4ybsHEnrmyg9vsSEps
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer