General
-
Target
b93d0d4b15a7c44c7be7513a952dd5f71c018ac75a8c8dbac88c3c49aad00b81.bin
-
Size
3.6MB
-
Sample
230507-gw14fsff42
-
MD5
790cc6250e75861e6c0fd25fd041be87
-
SHA1
0294cd435b2916514245bcf36834a598946f69ac
-
SHA256
b93d0d4b15a7c44c7be7513a952dd5f71c018ac75a8c8dbac88c3c49aad00b81
-
SHA512
9ce86bd36b51f9bd20279ca1538b6e7cb7ec06f6650f40f5204ea57ea673ea1118d994c2ef360beaa0d29582fc618380e3f26cddd4dfd3ae1b32e0a845ba0ffb
-
SSDEEP
49152:QAx2ellLgDUJiNKl7cIlIMkQ0KHr5xbnxxr2Xki9j+zs/7XuUf7fZeYb0BIJ9Lkr:QxeXLPgNYIMkQNHr5zh8kiQA/6ULQF9r
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79
Targets
-
-
Target
b93d0d4b15a7c44c7be7513a952dd5f71c018ac75a8c8dbac88c3c49aad00b81.bin
-
Size
3.6MB
-
MD5
790cc6250e75861e6c0fd25fd041be87
-
SHA1
0294cd435b2916514245bcf36834a598946f69ac
-
SHA256
b93d0d4b15a7c44c7be7513a952dd5f71c018ac75a8c8dbac88c3c49aad00b81
-
SHA512
9ce86bd36b51f9bd20279ca1538b6e7cb7ec06f6650f40f5204ea57ea673ea1118d994c2ef360beaa0d29582fc618380e3f26cddd4dfd3ae1b32e0a845ba0ffb
-
SSDEEP
49152:QAx2ellLgDUJiNKl7cIlIMkQ0KHr5xbnxxr2Xki9j+zs/7XuUf7fZeYb0BIJ9Lkr:QxeXLPgNYIMkQNHr5zh8kiQA/6ULQF9r
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-