laplas | 4b3cce8e86d60ac8b9ac01d2dd135d6a8386c08098e95fbf7a65a069dfd96f1d | Triage

Sharing

General

Target

4b3cce8e86d60ac8b9ac01d2dd135d6a8386c08098e95fbf7a65a069dfd96f1d
Size

3.1MB
Sample

230425-d4d24sgc26
MD5

aa7df3ed889baecbe0a09bc3e75efbfe
SHA1

2d9f8e98597611f0c70a28f0f5a96c9c963b8277
SHA256

4b3cce8e86d60ac8b9ac01d2dd135d6a8386c08098e95fbf7a65a069dfd96f1d
SHA512

6e43f52839ab0dbbd74f1fe3c041f974df3abce97f23dc441a679e479551083c3d81bb1d3da9f89855549dee8a79415907fc3bf833c0a36704ad727b122f3333
SSDEEP

49152:CADdEi3psHUFpBlM7pEdraVsosJ585bm57orAxRG:CEdEi5sHypQ7ayQfj5oAxR

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://163.123.142.220

Attributes

api_key
a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

- Target
  
  4b3cce8e86d60ac8b9ac01d2dd135d6a8386c08098e95fbf7a65a069dfd96f1d
- Size
  
  3.1MB
- MD5
  
  aa7df3ed889baecbe0a09bc3e75efbfe
- SHA1
  
  2d9f8e98597611f0c70a28f0f5a96c9c963b8277
- SHA256
  
  4b3cce8e86d60ac8b9ac01d2dd135d6a8386c08098e95fbf7a65a069dfd96f1d
- SHA512
  
  6e43f52839ab0dbbd74f1fe3c041f974df3abce97f23dc441a679e479551083c3d81bb1d3da9f89855549dee8a79415907fc3bf833c0a36704ad727b122f3333
- SSDEEP
  
  49152:CADdEi3psHUFpBlM7pEdraVsosJ585bm57orAxRG:CEdEi5sHypQ7ayQfj5oAxR
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

laplasclipperevasionpersistencestealertrojan