laplas | 78362eb5c4529001a3bc7ecab62b904afef81c63b6778ba00b99eb3398140dab | Triage

Sharing

General

Target

UD094I8g.exe
Size

25.7MB
Sample

230601-c5bspscb37
MD5

ec9598150d9cdcc100cc3d741f4074b6
SHA1

eeec6007d96fb3ea4d47e8fdff39df4dff78a03c
SHA256

78362eb5c4529001a3bc7ecab62b904afef81c63b6778ba00b99eb3398140dab
SHA512

0f90cb187b42b93ea31474260de8966cdd7a7f80f20dd73b3dca6b8ec2340ab518d88aee61f9c914041d0ac14047d55a20885e82029f3eef843085e38d806a2f
SSDEEP

196608:HW36QOxQ8JEgOpcqGs4anqH4mJsMQOgKmEiTBh:S63Q8JExpIGnqYxMNmEiTf

Score

10^/10

laplas clipper persistence stealer

Malware Config

Extracted

Family

laplas

C2

http://85.192.40.252

Attributes

api_key
a8f23fb9332db9a7947580ee498822bfe375b57ad7eb47370c7209509050c298

Targets

- Target
  
  UD094I8g.exe
- Size
  
  25.7MB
- MD5
  
  ec9598150d9cdcc100cc3d741f4074b6
- SHA1
  
  eeec6007d96fb3ea4d47e8fdff39df4dff78a03c
- SHA256
  
  78362eb5c4529001a3bc7ecab62b904afef81c63b6778ba00b99eb3398140dab
- SHA512
  
  0f90cb187b42b93ea31474260de8966cdd7a7f80f20dd73b3dca6b8ec2340ab518d88aee61f9c914041d0ac14047d55a20885e82029f3eef843085e38d806a2f
- SSDEEP
  
  196608:HW36QOxQ8JEgOpcqGs4anqH4mJsMQOgKmEiTBh:S63Q8JExpIGnqYxMNmEiTf
Score

10^/10

laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

laplasclipperpersistencestealer