laplas | 785cb3b54431b3263c31575eba2105a639acc717ed7224e16765311bd7d44fdc | Triage

Sharing

General

Target

d9f6bfffe255763244f7b63d647f2869.exe
Size

2.6MB
Sample

230421-swbz4sgc96
MD5

d9f6bfffe255763244f7b63d647f2869
SHA1

8e08e061cb03b7e115cb95a7f5d90ab15634543f
SHA256

785cb3b54431b3263c31575eba2105a639acc717ed7224e16765311bd7d44fdc
SHA512

d1fe50c73bba0d7dc0298967e000bbbec62c25df54633c413f4070e5b53eed2c91b9d37a5d06e47b6b5b704b7119272e63cb26d4fd0176a4ba54f25c61a1adbc
SSDEEP

49152:IBJM6kjimTyXgmuzIkqg+5oRI+wUa96VLnMo/xajfsPU:y+6fmTyXgVUNoaUa96N/xY

Score

10^/10

laplas redline red clipper infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

RED

C2

79.137.202.0:81

Attributes

auth_value
49e32ec54afd3f75dadad05dbf2e524f

Extracted

Family

laplas

C2

http://79.137.199.252

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Targets

- Target
  
  d9f6bfffe255763244f7b63d647f2869.exe
- Size
  
  2.6MB
- MD5
  
  d9f6bfffe255763244f7b63d647f2869
- SHA1
  
  8e08e061cb03b7e115cb95a7f5d90ab15634543f
- SHA256
  
  785cb3b54431b3263c31575eba2105a639acc717ed7224e16765311bd7d44fdc
- SHA512
  
  d1fe50c73bba0d7dc0298967e000bbbec62c25df54633c413f4070e5b53eed2c91b9d37a5d06e47b6b5b704b7119272e63cb26d4fd0176a4ba54f25c61a1adbc
- SSDEEP
  
  49152:IBJM6kjimTyXgmuzIkqg+5oRI+wUa96VLnMo/xajfsPU:y+6fmTyXgVUNoaUa96N/xY
Score

10^/10

laplas redline red clipper infostealer persistence stealer spyware
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasredlineredclipperinfostealerpersistencestealer

behavioral2

redlineredinfostealerpersistencespyware