laplas | 9fbc398697579871e9ed351b5874acacb8b435178b32ff6506a03e5738b2e75f | Triage

Submit
Reports

Overview

overview

Static

static

3

e88c37f1bb...3f.exe

windows7-x64

e88c37f1bb...3f.exe

windows10-2004-x64

Sharing

General

Target

e88c37f1bb15fcbe857ee8c4d526153f.bin
Size

1.9MB
Sample

230501-xl5lwsgc7y
MD5

e88c37f1bb15fcbe857ee8c4d526153f
SHA1

c52537d8b02f5c9c9ea40f78a7e2c9f8dc78225b
SHA256

9fbc398697579871e9ed351b5874acacb8b435178b32ff6506a03e5738b2e75f
SHA512

8065ee3b4fd2130549f016c5accb5f8347812b2b0cf6cc97bf712e6b34d30d3dd893dbcf250db60bd0d17550e36462dce4d3ae33858007af2e19e7ad71e44164
SSDEEP

49152:IBJ/2XAf/cdSy4ihSiudHKWw7YYlMDFUjcgbeR:ywXI0c5icLKJEYlIFicWe

Score

10^/10

laplas redline red clipper infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e88c37f1bb15fcbe857ee8c4d526153f.exe

Resource

win7-20230220-en

redline red infostealer spyware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e88c37f1bb15fcbe857ee8c4d526153f.exe

Resource

win10v2004-20230220-en

laplas redline red clipper infostealer persistence spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

RED

C2

79.137.202.0:81

Attributes

auth_value
49e32ec54afd3f75dadad05dbf2e524f

Extracted

Family

laplas

C2

http://79.137.199.252

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Targets

- Target
  
  e88c37f1bb15fcbe857ee8c4d526153f.bin
- Size
  
  1.9MB
- MD5
  
  e88c37f1bb15fcbe857ee8c4d526153f
- SHA1
  
  c52537d8b02f5c9c9ea40f78a7e2c9f8dc78225b
- SHA256
  
  9fbc398697579871e9ed351b5874acacb8b435178b32ff6506a03e5738b2e75f
- SHA512
  
  8065ee3b4fd2130549f016c5accb5f8347812b2b0cf6cc97bf712e6b34d30d3dd893dbcf250db60bd0d17550e36462dce4d3ae33858007af2e19e7ad71e44164
- SSDEEP
  
  49152:IBJ/2XAf/cdSy4ihSiudHKWw7YYlMDFUjcgbeR:ywXI0c5icLKJEYlIFicWe
Score

10^/10

redline red infostealer spyware laplas clipper persistence stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlineredinfostealerspyware

behavioral2

laplasredlineredclipperinfostealerpersistencespywarestealer

© 2018-2025

Terms | Privacy