laplas | 41aa5b071a82803eaa46c4b3970ef07a01826dc4e21a5c3af6a706d641464728

Sharing

Copy URL

Twitter E-mail

General

Target

Software (pass 2023).rar
Size

111KB
Sample

230620-qbyx2aca86
MD5

c41ca055376a894769b6d553ccb220c7
SHA1

cc831d897493d5d1da219785383b13d8e45e001e
SHA256

41aa5b071a82803eaa46c4b3970ef07a01826dc4e21a5c3af6a706d641464728
SHA512

68ad2f5346e1c97e59b99f8676c68a173a867ce933ea59a78bf73d34db55026866fef8af7a9f1e18f95e8c74e3dea3bc937cce1490c89663f81d8df07a01f805
SSDEEP

3072:aesSD1RS4gTFLa+19EJSMFWe6JcoORRx8d7VkS:a6D15AF9EwMFWea6f8dqS

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@Durak9876

94.142.138.4:80

Attributes

auth_value
7349e2db57cd9fb7fbca9d54c1dfaaf9

Extracted

Family

laplas

http://185.209.161.189

Attributes

api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

- Target
  
  Software (pass 2023).rar
- Size
  
  111KB
- MD5
  
  c41ca055376a894769b6d553ccb220c7
- SHA1
  
  cc831d897493d5d1da219785383b13d8e45e001e
- SHA256
  
  41aa5b071a82803eaa46c4b3970ef07a01826dc4e21a5c3af6a706d641464728
- SHA512
  
  68ad2f5346e1c97e59b99f8676c68a173a867ce933ea59a78bf73d34db55026866fef8af7a9f1e18f95e8c74e3dea3bc937cce1490c89663f81d8df07a01f805
- SSDEEP
  
  3072:aesSD1RS4gTFLa+19EJSMFWe6JcoORRx8d7VkS:a6D15AF9EwMFWea6f8dqS
Score

3^/10
behavioral1 behavioral2
- Target
  
  Readme.txt
- Size
  
  72B
- MD5
  
  46b68462c1d5d5e245f5da9a3078236c
- SHA1
  
  d838f08233e69286cad78be34ca740beba2ee522
- SHA256
  
  53c8745ec957cb6dac4d77fed61ecb7ce128fe4e21f48d4d64dae41fb0054ba1
- SHA512
  
  46d379eee249a1683c9e5b51f1a0258318539ad0f0dfd77eecd89b923b359c3659c7b70c0752f11c6e4a02db06ee3769191b952e4f29fd9fde272308488a599d
Score

1^/10
behavioral3 behavioral4
- Target
  
  Setup.exe
- Size
  
  273KB
- MD5
  
  390fc797574a89ae91508f774896ef68
- SHA1
  
  07b43779b0b3e9503f8bb54d2a3877edc05a80d6
- SHA256
  
  060dcbf520bb4a9581523bee99b52335fda2b9dfbada42f5635be3c437fba325
- SHA512
  
  0a83f853d7547b6b295102c0323b72c7420b72b0f9a4f6775b186d39dc8a3dd0069abe2d22b98db84eb091a7ab9d4888d9ce7c03cbacbe8c2ddde31e7c2908ea
- SSDEEP
  
  6144:HE55Zk/2d9dzyCQ5MHVf73hLxGJWTt+AoM2:HE5ZkqdzyUHLLxKWr
Score

10^/10

laplas redline @durak9876 clipper discovery infostealer persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  about/Readme.txt
- Size
  
  72B
- MD5
  
  46b68462c1d5d5e245f5da9a3078236c
- SHA1
  
  d838f08233e69286cad78be34ca740beba2ee522
- SHA256
  
  53c8745ec957cb6dac4d77fed61ecb7ce128fe4e21f48d4d64dae41fb0054ba1
- SHA512
  
  46d379eee249a1683c9e5b51f1a0258318539ad0f0dfd77eecd89b923b359c3659c7b70c0752f11c6e4a02db06ee3769191b952e4f29fd9fde272308488a599d
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Laplas Clipper

RedLine

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8