laplas | 0e59fafb2de30f5fa5b6cce425f40115180b373592e1a201702742a6e8f21cc9

General

Target

6fb6cfdca040bd1e7ab1256d37306416.exe
Size

741KB
Sample

230615-zqz83sbc82
MD5

6fb6cfdca040bd1e7ab1256d37306416
SHA1

f9f8270d2186a27a3f7301e4e3d3cccc73bab0ad
SHA256

0e59fafb2de30f5fa5b6cce425f40115180b373592e1a201702742a6e8f21cc9
SHA512

0e4c654863528e97d67741734217d37d0cec03d9bf9cbe9e66543e614566d9e163c5b8455548352b56a706225937bbc5dc17c5c9a8e52e99637b6885ef2d0ad3
SSDEEP

6144:25G0py2KhkpK60W2VuTLx7AV35pDNvB/PQs6AvLTJ:25M2KhkpWWYuHxU3pDNvB/PHXLTJ

Score

10^/10

laplas redline 1 clipper infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

95.216.249.153:81

Attributes

auth_value
a290efd4796d37556cc5af7e83c91346

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Targets

- Target
  
  6fb6cfdca040bd1e7ab1256d37306416.exe
- Size
  
  741KB
- MD5
  
  6fb6cfdca040bd1e7ab1256d37306416
- SHA1
  
  f9f8270d2186a27a3f7301e4e3d3cccc73bab0ad
- SHA256
  
  0e59fafb2de30f5fa5b6cce425f40115180b373592e1a201702742a6e8f21cc9
- SHA512
  
  0e4c654863528e97d67741734217d37d0cec03d9bf9cbe9e66543e614566d9e163c5b8455548352b56a706225937bbc5dc17c5c9a8e52e99637b6885ef2d0ad3
- SSDEEP
  
  6144:25G0py2KhkpK60W2VuTLx7AV35pDNvB/PQs6AvLTJ:25M2KhkpWWYuHxU3pDNvB/PHXLTJ
Score

10^/10

redline 1 infostealer spyware laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Laplas Clipper

RedLine

Downloads MZ/PE file

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2