laplas | 8a4556d74daa2806d18dc91baacd78214e0aec0403daf9cbfdf75b18894a1eb0 | Triage

Sharing

General

Target

vdcs.exe
Size

726.4MB
Sample

230427-qp27lshg2s
MD5

8e550f6a030e464657cad196e93b54ef
SHA1

2ccc4dbb3efe605dd3d68cacbd98ecbb91c42284
SHA256

8a4556d74daa2806d18dc91baacd78214e0aec0403daf9cbfdf75b18894a1eb0
SHA512

e59aae5ac79c667bbdf52dc26108610c6e871da231122c36117c94b103a60bd20ed59b30ae4dae520c777574f76a1e6199fe2606d7cdb888a7f9da20b66d7ba9
SSDEEP

98304:ponC5g4H7xXJqStkoRYXGRdKocRaG/n85B7Gv9n+J4P6F9RuBhSMf5rXEAxbxtq2:pz5z1JNSo2XlzuB7M9nRYuXzf+ABZb

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://85.192.40.252

Attributes

api_key
a8f23fb9332db9a7947580ee498822bfe375b57ad7eb47370c7209509050c298

Targets

- Target
  
  vdcs.exe
- Size
  
  726.4MB
- MD5
  
  8e550f6a030e464657cad196e93b54ef
- SHA1
  
  2ccc4dbb3efe605dd3d68cacbd98ecbb91c42284
- SHA256
  
  8a4556d74daa2806d18dc91baacd78214e0aec0403daf9cbfdf75b18894a1eb0
- SHA512
  
  e59aae5ac79c667bbdf52dc26108610c6e871da231122c36117c94b103a60bd20ed59b30ae4dae520c777574f76a1e6199fe2606d7cdb888a7f9da20b66d7ba9
- SSDEEP
  
  98304:ponC5g4H7xXJqStkoRYXGRdKocRaG/n85B7Gv9n+J4P6F9RuBhSMf5rXEAxbxtq2:pz5z1JNSo2XlzuB7M9nRYuXzf+ABZb
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

laplasclipperpersistencestealer