General
-
Target
file.exe
-
Size
1.1MB
-
Sample
230613-l57ptagb9x
-
MD5
05d2607674b12556392ad7d31c498bb2
-
SHA1
6a30c01505a666f109502e563df48287fc68af7b
-
SHA256
dc4df62efb7c9b410401653297e66098809afa302874d98711b82e20864a8049
-
SHA512
4f9019a34c89cc49b29ae808e272a5acb5e6bb18b4369cf826cc2ce46b41586418494ad535ef7d95408c86ff468457bb5227db619b0c64381172b3eecb77f549
-
SSDEEP
6144:vhMIAaYKyQdiU+oboLaSORJ3k5QH2rCfdOrAOGLNf9C42PVWI/L6VGuXZ:vhMvaYTQdiU+oboLLuiELNOPVWIzmfZ
Malware Config
Extracted
redline
2
95.216.249.153:81
-
auth_value
101013a5e99e0857595aae297a11351d
Extracted
laplas
http://45.159.189.105
-
api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Extracted
laplas
http://45.159.189.105
-
api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Targets
-
-
Target
file.exe
-
Size
1.1MB
-
MD5
05d2607674b12556392ad7d31c498bb2
-
SHA1
6a30c01505a666f109502e563df48287fc68af7b
-
SHA256
dc4df62efb7c9b410401653297e66098809afa302874d98711b82e20864a8049
-
SHA512
4f9019a34c89cc49b29ae808e272a5acb5e6bb18b4369cf826cc2ce46b41586418494ad535ef7d95408c86ff468457bb5227db619b0c64381172b3eecb77f549
-
SSDEEP
6144:vhMIAaYKyQdiU+oboLaSORJ3k5QH2rCfdOrAOGLNf9C42PVWI/L6VGuXZ:vhMvaYTQdiU+oboLLuiELNOPVWIzmfZ
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-