laplas | 06eaf4d011e750f2356ee6d0e8ef9596fa7d2d214580be5e5fb066220fd53ab5

General

Target

03011699.bin
Size

123KB
Sample

230617-hkzlxsaf33
MD5

5e34e2bfe4253f7638cfc3203864a75e
SHA1

82c0b7d486bf7842f83d1df9986f8a82be5d7fd5
SHA256

06eaf4d011e750f2356ee6d0e8ef9596fa7d2d214580be5e5fb066220fd53ab5
SHA512

dd787c692790ee786716c86f9b9596e164f7f0ccf5378f3e4899466e68553c56c773f283c9fa22cb057dc4a1bf1780b5197cd9dfbb233e8250e30fbe5933a45c
SSDEEP

3072:3Crk9MJvQbYDG3aWN2L1QJY9yZ7sl2LXHe9OmOl8He3:Sd04q2GJYETTqOzge3

Score

10^/10

laplas redline 1 clipper infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

95.216.249.153:81

Attributes

auth_value
a290efd4796d37556cc5af7e83c91346

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4

Targets

- Target
  
  0e59fafb2de30f5fa5b6cce425f40115180b373592e1a201702742a6e8f21cc9.exe
- Size
  
  741KB
- MD5
  
  6fb6cfdca040bd1e7ab1256d37306416
- SHA1
  
  f9f8270d2186a27a3f7301e4e3d3cccc73bab0ad
- SHA256
  
  0e59fafb2de30f5fa5b6cce425f40115180b373592e1a201702742a6e8f21cc9
- SHA512
  
  0e4c654863528e97d67741734217d37d0cec03d9bf9cbe9e66543e614566d9e163c5b8455548352b56a706225937bbc5dc17c5c9a8e52e99637b6885ef2d0ad3
- SSDEEP
  
  6144:25G0py2KhkpK60W2VuTLx7AV35pDNvB/PQs6AvLTJ:25M2KhkpWWYuHxU3pDNvB/PHXLTJ
Score

10^/10

redline 1 infostealer spyware laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Laplas Clipper

RedLine

Downloads MZ/PE file

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2