laplas | f29d7fe98b8cf7ace554d7a26136ee4504e4634e86336d9225086132774c8238 | Triage

Sharing

General

Target

539a444f8dff3d9719e36fd9db31b799.bin
Size

3.4MB
Sample

230616-bp6sgacc34
MD5

35a7b4521dae347ecd9c7da76b4e2748
SHA1

48555b32234c8146a060807e3e2bdc92b78750c5
SHA256

f29d7fe98b8cf7ace554d7a26136ee4504e4634e86336d9225086132774c8238
SHA512

26199c69256a79887abcdf5554457de659e29220a0cf22e223d728b2e5a38d03719826287828097d47135f4458283940f3bafc0f9536849de3c724b4753f8a68
SSDEEP

49152:v5IboYfA30GfXhdR+WsoB510QySEoLt5JBM7OdO9ohIcfdSBIcgTEQd:v52Y30ChL+/av0QJ5dd4oaOdCIcEEQd

Score

10^/10

laplas clipper evasion persistence stealer trojan

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e

Targets

- Target
  
  2c5c3ba7eba30cc358b40d494fda79d9d2a6df152bdb7eb1aceb36f3fbcf60c3.exe
- Size
  
  3.5MB
- MD5
  
  539a444f8dff3d9719e36fd9db31b799
- SHA1
  
  9b4a836511afdb230888a1e2c0698c839850d8c0
- SHA256
  
  2c5c3ba7eba30cc358b40d494fda79d9d2a6df152bdb7eb1aceb36f3fbcf60c3
- SHA512
  
  7c14e97ff23cd34f302658a498e26d694b1d501390536eee51f9e9e2bfc68306b59362d66b7c11d364d2cc7d2e6ed78912b505476e78ae2e928fd859e2c104bd
- SSDEEP
  
  98304:GrZtcyQgVa9BjWmic5fcD75vuHgdtZgC:GsRgVa9ltc35WHG7
Score

10^/10

laplas clipper evasion persistence stealer trojan
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperevasionpersistencestealertrojan

behavioral2

laplasclipperevasionpersistencestealertrojan