laplas | 34fe727a0ee5e713e228440cb9395c77a8cbc83f106b6328ecbeb0d3ac6a1404 | Triage

Sharing

General

Target

34fe727a0ee5e713e228440cb9395c77a8cbc83f106b6328ecbeb0d3ac6a1404
Size

3.1MB
Sample

230421-17frfacc21
MD5

accbcf9680c8bf835cf0eabf91b33723
SHA1

2d27a9626a83c7c452f23fa3e2349457e0469c27
SHA256

34fe727a0ee5e713e228440cb9395c77a8cbc83f106b6328ecbeb0d3ac6a1404
SHA512

43696acf7f4b76975afb534c2581ab82b015f2e23dc30fd4f40aefb6eaeccad11d01d922c68f92c6f8be05cc6056f15a67895fc60ce4c36015c02201b8d98c26
SSDEEP

98304:k5BekM0DcBgg5WVJRG6wsW6WY3ZrfrPfw0kN//ItdLGt:UzM0Yyg5WVJLW6R3dLfcN8Lc

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79

Targets

- Target
  
  34fe727a0ee5e713e228440cb9395c77a8cbc83f106b6328ecbeb0d3ac6a1404
- Size
  
  3.1MB
- MD5
  
  accbcf9680c8bf835cf0eabf91b33723
- SHA1
  
  2d27a9626a83c7c452f23fa3e2349457e0469c27
- SHA256
  
  34fe727a0ee5e713e228440cb9395c77a8cbc83f106b6328ecbeb0d3ac6a1404
- SHA512
  
  43696acf7f4b76975afb534c2581ab82b015f2e23dc30fd4f40aefb6eaeccad11d01d922c68f92c6f8be05cc6056f15a67895fc60ce4c36015c02201b8d98c26
- SSDEEP
  
  98304:k5BekM0DcBgg5WVJRG6wsW6WY3ZrfrPfw0kN//ItdLGt:UzM0Yyg5WVJLW6R3dLfcN8Lc
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

laplasclipperevasionpersistencestealertrojan