laplas | 414a0bf51ee426a007c528ecb84a563f21c40f3a2feb06485baad0e8ab439adf | Triage

Sharing

General

Target

414a0bf51ee426a007c528ecb84a563f21c40f3a2feb06485baad0e8ab439adf.bin
Size

3.2MB
Sample

230501-trkl5acc43
MD5

31f8c08862caa2ec10a82867dbdf188b
SHA1

144d1037d253808aae23d2fa14d930a76bc7ad51
SHA256

414a0bf51ee426a007c528ecb84a563f21c40f3a2feb06485baad0e8ab439adf
SHA512

52288d822170c3d813258ed63d97975f5f3f6c0f0d3238fe54a38cfa80f8c675efec3d2ea3a23b15f6d37408f7419f5b17e28970116f919273451190f587083f
SSDEEP

49152:CC9i1Db4FFMmKLZi9gOzDx8iE66tfvbFDfgC0JaRYHw3pjLMRzJwWlo1a4/0fH:xwF4FjGOzF8iAtbFDV0JaRm9RzJGkJv

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.33

Attributes

api_key
d1a05de376c0be1daa56dfb2715c8a0c5df8a111b8b31decc886df1e48db7c9c

Targets

- Target
  
  414a0bf51ee426a007c528ecb84a563f21c40f3a2feb06485baad0e8ab439adf.bin
- Size
  
  3.2MB
- MD5
  
  31f8c08862caa2ec10a82867dbdf188b
- SHA1
  
  144d1037d253808aae23d2fa14d930a76bc7ad51
- SHA256
  
  414a0bf51ee426a007c528ecb84a563f21c40f3a2feb06485baad0e8ab439adf
- SHA512
  
  52288d822170c3d813258ed63d97975f5f3f6c0f0d3238fe54a38cfa80f8c675efec3d2ea3a23b15f6d37408f7419f5b17e28970116f919273451190f587083f
- SSDEEP
  
  49152:CC9i1Db4FFMmKLZi9gOzDx8iE66tfvbFDfgC0JaRYHw3pjLMRzJwWlo1a4/0fH:xwF4FjGOzF8iAtbFDV0JaRm9RzJGkJv
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

laplasclipperevasionpersistencestealertrojan