laplas | 3d5c016ded8af42241a278854c40414fc57dfc9b27751aaa92a25d6b8a187e0d | Triage

Sharing

General

Target

Adobe Premiere Pro Crack.zip
Size

4.7MB
Sample

230517-lwcs3sef28
MD5

be10818c6b4504c97740089213a66b01
SHA1

3be04b70a5820ed0267bc100851c359a4688b9ca
SHA256

3d5c016ded8af42241a278854c40414fc57dfc9b27751aaa92a25d6b8a187e0d
SHA512

94a38f83fb1165aea95abbb9c6ddb6312d388a1f8a2a1c8be119257c2a5d64e406a1f212d54de897785fe614632caba5e64e8db96c7a5d6ffeb20c412a058b25
SSDEEP

98304:WCxOrUKkkpWxXfh1PWiFELrn327uFfB61r96Vfa:WCqU/PteLb0iBWr

Score

10^/10

laplas clipper persistence spyware stealer

Malware Config

Extracted

Family

laplas

C2

http://185.223.93.251

Attributes

api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

- Target
  
  Adobe Premiere Pro Crack/Patch.css
- Size
  
  829KB
- MD5
  
  7e1079eaf8694198c86c55fe3568f038
- SHA1
  
  e4bc06ebab424a86f6a848d70c636e746c2125cd
- SHA256
  
  98077384bfa1d810fb4309b76b55c57960366a3020b2804c6ee7fa515a50e8e3
- SHA512
  
  b45b702bc7e2f11867e0f9366e7ef458965a11c869972b37221c198899de1ecaa58c31330df49b944cb8f11fc259bd86e216c18a065e5af98d0d780b4adb1da3
- SSDEEP
  
  12288:yZKlZKlZKlZKlZKlZKlZKlZKlZKlZKlZKlZKQZKlZK8:yZaZaZaZaZaZaZaZaZaZaZaZnZaZb
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Adobe Premiere Pro Crack/Set-up.exe
- Size
  
  1021.2MB
- MD5
  
  20bb576a3863d7d4de2e69ab113b58de
- SHA1
  
  be884fa3b406d031fbfefd2307314447d16f3aa6
- SHA256
  
  0136126495313b29e1726a57684dbd5ac282f4acc804c6ed7d39cfc319edbdf4
- SHA512
  
  6228ad98edbec74203efc41d3943e30b084bcee640b6e372fb04f63c72fed1d966b75d4a74429c9744c41c44efbf363c6a12f6d0b82f2cb58c5a3b562feffb7b
- SSDEEP
  
  12288:CPqHB7etS1aWOvxVU5VA+oHVdvrD02kFpGaHk/R+HLYlEgyUQ8D0FDIhtUShMMsf:CsBGS1X7mIFpRHkgydtQ8DswY7B9/Ql
Score

10^/10

laplas clipper persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Adobe Premiere Pro Crack/Setup.dll
- Size
  
  557KB
- MD5
  
  0fd7ea74edfaa42be55648605f527cbd
- SHA1
  
  83e8a74436a3701664f13accbc445c698b7ce52a
- SHA256
  
  8be532fc253154d92a193a1fe7cfc37ae82639c3d6845b0405b78324124f3a6a
- SHA512
  
  44ae57beb38bd1d547c121c46f17b2b16cf253f10cbe99926c10ebf7cc9a1bb4190a9ab878247aa998aecf1248237f120695d46859f59186aaff2cb12b0d4db5
- SSDEEP
  
  6144:KiY7sT+MrlYkiY7sT+MrlYkiY7sT+MrlYkiY7sT+MrlYkiY7sT+MrlYU0S83FJ4D:KZo7VZo7VZo7VZo7VZo750H2JIs
Score

1^/10
behavioral5 behavioral6
- Target
  
  Adobe Premiere Pro Crack/libGLESv2.dll
- Size
  
  1.4MB
- MD5
  
  8306600f6c59fca3a7f1b6051a70a34c
- SHA1
  
  9d2fd76fd7ef118ea96bc26ae0c03c428d91e34e
- SHA256
  
  cd9ffd828af9e4ccad1cdab755d9393174857b071a997548d9e3c4f20999320e
- SHA512
  
  414bcfe0de34a2ce51940ad8220627e74abb09a2d5250c60a161625e780540a0bf204583e0638546bed25c6372c8c8a053b6c6e31959d4f581c8802762e1380d
- SSDEEP
  
  12288:BoZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7VZo7iZo7Xo7VZo7VZov:Z
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

laplasclipperpersistencespywarestealer

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8