laplas | ee4289c431dfe5315b3a2decc90aa583aba7bd9fb8049bfe13c0f6aa0d166d06 | Triage

Resubmissions

18-04-2023 13:04

230418-qba6zadc7w 10

18-04-2023 12:53

230418-p4xp1abd95 10

Sharing

General

Target

svcservice.7z
Size

5.0MB
Sample

230418-p4xp1abd95
MD5

4fec8e0b9dbf155b431fb9d988cc5c34
SHA1

0943981828c190aaa91819c9127053a972fa72b9
SHA256

ee4289c431dfe5315b3a2decc90aa583aba7bd9fb8049bfe13c0f6aa0d166d06
SHA512

8ab196ebd7757bebc01298a09505b2afff2447ca89082029515df55fb0d4bda521269e86376ccf4b7ef621c231451c55c9894285bc2e0afad21ae53c1275e0ec
SSDEEP

98304:gS/jVEbCiTSDfNAgSAAyIbPsOwT0FCSHU:Tjo9mNtAPPisnHU

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://nerf-0150-unknown.guru

Attributes

api_key
afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34

Targets

- Target
  
  svcservice.exe
- Size
  
  1023.8MB
- MD5
  
  9112d21551cffc1149f0e11d44afbec0
- SHA1
  
  cd1751ed7525adafdbcf44e6cc1dd0dad1b760c8
- SHA256
  
  723710eaf3beac67ea9191491824d50bd3398951341cea790aabef634a412871
- SHA512
  
  2983e1a653a81b711d2bfe68897934efdd07ca1d02adfe18a903d7cde18af522a03b17f2db273938ef6cc6872bd40950f498d6e60dfef2f522b01d6195d431d6
- SSDEEP
  
  3145728:m33333333333333333333333333333333333333333333333333333333333333y:P
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperpersistencestealer

behavioral2

laplasclipperpersistencestealer