laplas | 577008901c87ac135164e22a9dd8d9467c1d92ef2288157c95be49571a93be95 | Triage

Sharing

General

Target

bfd1dad193b0dab4f36b3a3021dcc5b9.exe
Size

6.6MB
Sample

230520-3ljx3shg8x
MD5

bfd1dad193b0dab4f36b3a3021dcc5b9
SHA1

1030f8303d36b4be1004cf5848b54bfb6d84fa52
SHA256

577008901c87ac135164e22a9dd8d9467c1d92ef2288157c95be49571a93be95
SHA512

dafc0fd4a2fd0e8ee62e644eca73af35a56ed70549e98d7e9d329d89dd12bb81a9e4ef747b81d4a2d41eeb1a72f17fa0086b8e454f4e7c4c423a7dd3a7fa41b7
SSDEEP

98304:cq6rgZZ0WMY+gPeFy0OvJv4JTfdnwuFE9HdvzxCCExUs10NhfgYCjcZ:+qZ+YWy0OVuRnwuFKBxCrUs0hIYCw

Score

10^/10

laplas clipper discovery persistence spyware stealer

Malware Config

Extracted

Family

laplas

C2

http://185.223.93.251

Attributes

api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

- Target
  
  bfd1dad193b0dab4f36b3a3021dcc5b9.exe
- Size
  
  6.6MB
- MD5
  
  bfd1dad193b0dab4f36b3a3021dcc5b9
- SHA1
  
  1030f8303d36b4be1004cf5848b54bfb6d84fa52
- SHA256
  
  577008901c87ac135164e22a9dd8d9467c1d92ef2288157c95be49571a93be95
- SHA512
  
  dafc0fd4a2fd0e8ee62e644eca73af35a56ed70549e98d7e9d329d89dd12bb81a9e4ef747b81d4a2d41eeb1a72f17fa0086b8e454f4e7c4c423a7dd3a7fa41b7
- SSDEEP
  
  98304:cq6rgZZ0WMY+gPeFy0OvJv4JTfdnwuFE9HdvzxCCExUs10NhfgYCjcZ:+qZ+YWy0OVuRnwuFKBxCrUs0hIYCw
Score

10^/10

laplas clipper discovery persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperdiscoverypersistencespywarestealer

behavioral2