laplas | 69f24003a768ac6451b4bac285475486d27c39723f474e3b8a19c61ceb732838

General

Target

3f0e8a9d61be8b596b4be752965295ad.exe
Size

1.1MB
Sample

230607-k1w7vahh8w
MD5

3f0e8a9d61be8b596b4be752965295ad
SHA1

23399af014c60bcd53af9591a6bb80bc09772139
SHA256

69f24003a768ac6451b4bac285475486d27c39723f474e3b8a19c61ceb732838
SHA512

340137d0b76a523dc680847f656048f02545a306d5fac927fd53bfe41e07ab0fea893a821e45344e2ade31d078ec6cd1cff4a6398e09321037973df703fcd8e7
SSDEEP

6144:Tuo1XQlPoSlw4524UcL/LHh5Z8Z0AOkGZKWklMdGwuss4tjS0G+zLT1YS:TXX4flh524UOyKKWklMdGOtjasBY

Score

10^/10

laplas redline systembc 1 clipper infostealer persistence spyware stealer trojan

Malware Config

Extracted

Family

redline

Botnet

1

C2

95.216.249.153:81

Attributes

auth_value
a290efd4796d37556cc5af7e83c91346

Extracted

Family

systembc

C2

5.42.95.122:4308

194.87.111.29:4308

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Targets

- Target
  
  3f0e8a9d61be8b596b4be752965295ad.exe
- Size
  
  1.1MB
- MD5
  
  3f0e8a9d61be8b596b4be752965295ad
- SHA1
  
  23399af014c60bcd53af9591a6bb80bc09772139
- SHA256
  
  69f24003a768ac6451b4bac285475486d27c39723f474e3b8a19c61ceb732838
- SHA512
  
  340137d0b76a523dc680847f656048f02545a306d5fac927fd53bfe41e07ab0fea893a821e45344e2ade31d078ec6cd1cff4a6398e09321037973df703fcd8e7
- SSDEEP
  
  6144:Tuo1XQlPoSlw4524UcL/LHh5Z8Z0AOkGZKWklMdGwuss4tjS0G+zLT1YS:TXX4flh524UOyKKWklMdGOtjasBY
Score

10^/10

laplas redline systembc 1 clipper infostealer persistence spyware stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Targets

Laplas Clipper

RedLine

SystemBC

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2