laplas | 9f35ecf414df4f8e3d0bfa41cea9ebf0827a271941555cabaf22530d774bd999 | Triage

Sharing

General

Target

9f35ecf414df4f8e3d0bfa41cea9ebf0827a271941555cabaf22530d774bd999
Size

2.7MB
Sample

230507-fsalnacd21
MD5

20974e780438e87cf0fab2e4c10aa72a
SHA1

577e4d37c6897e550abe430d58577b595ed6d2a9
SHA256

9f35ecf414df4f8e3d0bfa41cea9ebf0827a271941555cabaf22530d774bd999
SHA512

c40c222c127d002ea647f3a447426099c7e20f2c9cee48d60f626222e27123406f18e84a2e0774f1725dde001691525487f37e753c5c1dd026b84c958d017e61
SSDEEP

49152:izUKp+KxzGMns8LyGuD7wdwrYvihsZqkWo9pG7XnkMcfWzE65Gl9R/4xEozse:iYKpbxZDyGuDkdRiOZRd9e5KW4aGd/6N

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e

Targets

- Target
  
  9f35ecf414df4f8e3d0bfa41cea9ebf0827a271941555cabaf22530d774bd999
- Size
  
  2.7MB
- MD5
  
  20974e780438e87cf0fab2e4c10aa72a
- SHA1
  
  577e4d37c6897e550abe430d58577b595ed6d2a9
- SHA256
  
  9f35ecf414df4f8e3d0bfa41cea9ebf0827a271941555cabaf22530d774bd999
- SHA512
  
  c40c222c127d002ea647f3a447426099c7e20f2c9cee48d60f626222e27123406f18e84a2e0774f1725dde001691525487f37e753c5c1dd026b84c958d017e61
- SSDEEP
  
  49152:izUKp+KxzGMns8LyGuD7wdwrYvihsZqkWo9pG7XnkMcfWzE65Gl9R/4xEozse:iYKpbxZDyGuDkdRiOZRd9e5KW4aGd/6N
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

evasionpersistencetrojan