laplas | ff2705d0de6c188a2dc637e1d341b4fed1378543328704cbf4e30b1f02eaab77 | Triage

Sharing

General

Target

ff2705d0de6c188a2dc637e1d341b4fed1378543328704cbf4e30b1f02eaab77
Size

2.9MB
Sample

230421-2bepyacc7y
MD5

028afcd4ee3a30be01e8f2c706afbfde
SHA1

0148d10c8ee91f94aebf98c7d2bf00df48381df7
SHA256

ff2705d0de6c188a2dc637e1d341b4fed1378543328704cbf4e30b1f02eaab77
SHA512

dc6a1eb2d1c7ec84b478afd2ecd48a6c9e309aa8ff61313a3f921c4556e8cd2cb77fe5728526422a969300d4e039f509024e04037ecbb95a3d2eacf820ff30cf
SSDEEP

49152:bPGr1J/od7ddFIbB65HJwP7QVBfMtup6qYmg8jLyefHuD+MUvYDL3bNt+jDpe:ber1Bod7dYV65HuP7QVikQUgKLyew+MF

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://163.123.142.220

Attributes

api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

- Target
  
  ff2705d0de6c188a2dc637e1d341b4fed1378543328704cbf4e30b1f02eaab77
- Size
  
  2.9MB
- MD5
  
  028afcd4ee3a30be01e8f2c706afbfde
- SHA1
  
  0148d10c8ee91f94aebf98c7d2bf00df48381df7
- SHA256
  
  ff2705d0de6c188a2dc637e1d341b4fed1378543328704cbf4e30b1f02eaab77
- SHA512
  
  dc6a1eb2d1c7ec84b478afd2ecd48a6c9e309aa8ff61313a3f921c4556e8cd2cb77fe5728526422a969300d4e039f509024e04037ecbb95a3d2eacf820ff30cf
- SSDEEP
  
  49152:bPGr1J/od7ddFIbB65HJwP7QVBfMtup6qYmg8jLyefHuD+MUvYDL3bNt+jDpe:ber1Bod7dYV65HuP7QVikQUgKLyew+MF
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

laplasclipperevasionpersistencestealertrojan