laplas | db78b5b857378304d5d72a826a2f1e261a71791eda971bf952cbd8182bbc62bd

General

Target

507a16cb87079ba90a8efe3a6baaa026.exe
Size

939KB
Sample

230614-e7874ach92
MD5

507a16cb87079ba90a8efe3a6baaa026
SHA1

b526a0a56488488f45d4277a9be5f3105806e0ad
SHA256

db78b5b857378304d5d72a826a2f1e261a71791eda971bf952cbd8182bbc62bd
SHA512

1193148b16891a5df52508366851c50379f05afed538882a4db5c65b345b1c1286d19de1c5f2adad09c411483fea9a6ea0038ffb624c03e42d752da27dda2b78
SSDEEP

6144:XmGoVjJhX8kQ/50Xi8wHi0I1GHXP3Or/c+rkGKZ:XXwX8kQBD8wHivGH/3Orc+rvKZ

Score

10^/10

laplas redline 1 clipper infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

95.216.249.153:81

Attributes

auth_value
a290efd4796d37556cc5af7e83c91346

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Targets

- Target
  
  507a16cb87079ba90a8efe3a6baaa026.exe
- Size
  
  939KB
- MD5
  
  507a16cb87079ba90a8efe3a6baaa026
- SHA1
  
  b526a0a56488488f45d4277a9be5f3105806e0ad
- SHA256
  
  db78b5b857378304d5d72a826a2f1e261a71791eda971bf952cbd8182bbc62bd
- SHA512
  
  1193148b16891a5df52508366851c50379f05afed538882a4db5c65b345b1c1286d19de1c5f2adad09c411483fea9a6ea0038ffb624c03e42d752da27dda2b78
- SSDEEP
  
  6144:XmGoVjJhX8kQ/50Xi8wHi0I1GHXP3Or/c+rkGKZ:XXwX8kQBD8wHivGH/3Orc+rvKZ
Score

10^/10

redline 1 infostealer spyware laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Laplas Clipper

RedLine

Downloads MZ/PE file

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2