General
Target: file.exe
Size: 1.1MB
Sample: 230612-la4pnsbb78
MD5: 39e1f49a6042aceff8fed09cb3085005
SHA1: d1ec91d7f709776514ce122f43ed78576dd76c79
SHA256: 91c807a3b304b61e268d884f3310e7b4c0cd74400c95c48ff7bc6ab6150282ee
SHA512: 13093115cb8a9ba27d7fab5d2635884da595521a1a9f4fd32c3d395de7ff2fff82c3b275f9486f0a6cc909a7e1ad01a44cd5eb266b3f1f3e8c9f93cd02d31dc1
SSDEEP: 12288:LR5lMAN4B9tdhJ3mfCqgdDOImbiaobw5:Lni7J+gdD8bmbs
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  1
  95.216.249.153:81
  auth_value: a290efd4796d37556cc5af7e83c91346
Extracted: laplas
  http://45.159.189.105
  api_key: ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Targets
Target: file.exe
Size: 1.1MB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext