laplas | 73341bc80c4983f7e88d3fc0e95b8746aa00cb8acba2b3e08776782a2d53941b | Triage

Sharing

General

Target

73341bc80c4983f7e88d3fc0e95b8746aa00cb8acba2b3e08776782a2d53941b
Size

3.0MB
Sample

230507-dycxvsca5x
MD5

767368afad019d5edbe21da0624d0aeb
SHA1

5679da5ac1514c7a73a790b23bea7ac972e0d2f8
SHA256

73341bc80c4983f7e88d3fc0e95b8746aa00cb8acba2b3e08776782a2d53941b
SHA512

5b397df629a76c57577e5dea05bb31df820aae61984b54986a13f058e9e13ed651921122819e2483d3546bd7b7fbf81f9c1370f10c90c15b6cc678f4f9cffaef
SSDEEP

49152:mhhQZmZBmCB7jzyqnqlaHprubMKs4PTu4853wLPrs9Sirh67l+G5IkT6d+1X1pe:mXtZICB7jmq4AHMywLP4nrc5I3+l6

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.33

Attributes

api_key
d1a05de376c0be1daa56dfb2715c8a0c5df8a111b8b31decc886df1e48db7c9c

Targets

- Target
  
  73341bc80c4983f7e88d3fc0e95b8746aa00cb8acba2b3e08776782a2d53941b
- Size
  
  3.0MB
- MD5
  
  767368afad019d5edbe21da0624d0aeb
- SHA1
  
  5679da5ac1514c7a73a790b23bea7ac972e0d2f8
- SHA256
  
  73341bc80c4983f7e88d3fc0e95b8746aa00cb8acba2b3e08776782a2d53941b
- SHA512
  
  5b397df629a76c57577e5dea05bb31df820aae61984b54986a13f058e9e13ed651921122819e2483d3546bd7b7fbf81f9c1370f10c90c15b6cc678f4f9cffaef
- SSDEEP
  
  49152:mhhQZmZBmCB7jzyqnqlaHprubMKs4PTu4853wLPrs9Sirh67l+G5IkT6d+1X1pe:mXtZICB7jmq4AHMywLP4nrc5I3+l6
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

laplasclipperevasionpersistencestealertrojan