laplas | aa8a2e7e1556276dad50729a039ac5cc81cd16494ecb4431f8d6ad59fa8eb9ec | Triage

Submit
Reports

Overview

overview

Static

static

3

Installer.exe

windows10-1703-x64

Installer.exe

windows10-2004-x64

Sharing

General

Target

Installer.exe
Size

1.2MB
Sample

230615-bvntvaec81
MD5

d017c52a55cb3741adfb83eed1d6f052
SHA1

fe3e79ad0cb2b2e5374dca688c83de93ebba9bb3
SHA256

aa8a2e7e1556276dad50729a039ac5cc81cd16494ecb4431f8d6ad59fa8eb9ec
SHA512

d207b117dc24f856d7ba385d4764f724940a59d1f56a3fd2abaf267e1dbc47234bc5cfce2765ac91b501fcd0925048bb22acc1f050e2c9c36c483581c2e1598d
SSDEEP

12288:dGKA3PekjU4fQHp4v8Q9SWVPs+ihQq/3C:dI3gNGUQcWVPBi6q/

Score

10^/10

laplas lobshot redline @merchd backdoor clipper infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Installer.exe

Resource

win10-20230220-en

redline @merchd infostealer

windows10-1703-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

Installer.exe

Resource

win10v2004-20230220-en

laplas lobshot redline @merchd backdoor clipper infostealer persistence spyware stealer

windows10-2004-x64

14 signatures

300 seconds

Malware Config

Extracted

Family

redline

Botnet

@MerchD

C2

94.142.138.4:80

Attributes

auth_value
9f84b46959366b2efa0773e0556f6e11

Extracted

Family

laplas

C2

http://185.223.93.251

Attributes

api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

- Target
  
  Installer.exe
- Size
  
  1.2MB
- MD5
  
  d017c52a55cb3741adfb83eed1d6f052
- SHA1
  
  fe3e79ad0cb2b2e5374dca688c83de93ebba9bb3
- SHA256
  
  aa8a2e7e1556276dad50729a039ac5cc81cd16494ecb4431f8d6ad59fa8eb9ec
- SHA512
  
  d207b117dc24f856d7ba385d4764f724940a59d1f56a3fd2abaf267e1dbc47234bc5cfce2765ac91b501fcd0925048bb22acc1f050e2c9c36c483581c2e1598d
- SSDEEP
  
  12288:dGKA3PekjU4fQHp4v8Q9SWVPs+ihQq/3C:dI3gNGUQcWVPBi6q/
Score

10^/10

redline @merchd infostealer laplas lobshot backdoor clipper persistence spyware stealer
- Detects Lobshot family
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Lobshot
  Lobshot is a backdoor module written in c++.
  backdoor lobshot
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@merchdinfostealer

behavioral2

laplaslobshotredline@merchdbackdoorclipperinfostealerpersistencespywarestealer

© 2018-2025

Terms | Privacy