General
- Target: file.exe
- Size: 575KB
- Sample: 230617-lsr4labc47
- MD5: 7e1c47ca9cef11631ddd096c1d3639c7
- SHA1: 4e8d9b1efb8b4b7b316e5a7fd3fb808e2da759a8
- SHA256: 02c640ef3ac9d7fa8c919b0f72bb85413ef3e9803d2d091277b9a7c41f52e9d9
- SHA512: fa029905bf1921ab433f949167e64874e5da3e98908da38c92ae8e4db987a6ab786f68942993e34c92f713d7bf701e4d066da9abde7b88b6ff018663ba79490a
- SSDEEP: 6144:qTov37S4OHn8MDIYKReFMjkyI/VYXVhUYbjDyVlQBCVTI:qcv37SajRVjziVq3gVlsCVT
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- 2
- 95.216.249.153:81
- auth_value: 101013a5e99e0857595aae297a11351d
Extracted: laplas
- http://45.159.189.105
- api_key: ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Targets
- Target: file.exe
- Size: 575KB
- MD5: 7e1c47ca9cef11631ddd096c1d3639c7
- SHA1: 4e8d9b1efb8b4b7b316e5a7fd3fb808e2da759a8
- SHA256: 02c640ef3ac9d7fa8c919b0f72bb85413ef3e9803d2d091277b9a7c41f52e9d9
- SHA512: fa029905bf1921ab433f949167e64874e5da3e98908da38c92ae8e4db987a6ab786f68942993e34c92f713d7bf701e4d066da9abde7b88b6ff018663ba79490a
- SSDEEP: 6144:qTov37S4OHn8MDIYKReFMjkyI/VYXVhUYbjDyVlQBCVTI:qcv37SajRVjziVq3gVlsCVT
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext