General
-
Target
4416ae4550db7da6142def01a056aa2214036a8b718d5f17031cd9aede39fb66
-
Size
4.5MB
-
Sample
230514-17nr2sga5y
-
MD5
7e050b69e98c5ec9210f66e0c90e0b76
-
SHA1
6fba0dbbce41e76fbc0ffb4d193e8c6e9020da18
-
SHA256
4416ae4550db7da6142def01a056aa2214036a8b718d5f17031cd9aede39fb66
-
SHA512
e9df367eb76b947cd38aab4c391f8fb1b94bfeafe4cf581fd51f8e1cd6da3df317e5c9aa2672fad14b121aed8a68cf570b3617007cf3f7ff9bed6d86669219a3
-
SSDEEP
98304:5jMaFfnXAfveVnuJmhKRStK1uFbJeYUk+EPw/jh/FIYbNEWLwmVMK:5lFfXAfE4RgQUVeYUBEPw/NnNRLn6
Malware Config
Extracted
laplas
http://45.159.189.105
-
api_key
f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79
Targets
-
-
Target
4416ae4550db7da6142def01a056aa2214036a8b718d5f17031cd9aede39fb66
-
Size
4.5MB
-
MD5
7e050b69e98c5ec9210f66e0c90e0b76
-
SHA1
6fba0dbbce41e76fbc0ffb4d193e8c6e9020da18
-
SHA256
4416ae4550db7da6142def01a056aa2214036a8b718d5f17031cd9aede39fb66
-
SHA512
e9df367eb76b947cd38aab4c391f8fb1b94bfeafe4cf581fd51f8e1cd6da3df317e5c9aa2672fad14b121aed8a68cf570b3617007cf3f7ff9bed6d86669219a3
-
SSDEEP
98304:5jMaFfnXAfveVnuJmhKRStK1uFbJeYUk+EPw/jh/FIYbNEWLwmVMK:5lFfXAfE4RgQUVeYUBEPw/NnNRLn6
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-