laplas | 1551371a8c26e90e3ce229fd4f68351373e6bafcd7cfbe51e4892605bda772d0 | Triage

Sharing

General

Target

02e3ce5f9cff3521b4e443a7a98955ab.bin.exe
Size

1.2MB
Sample

230620-qyhvbscd33
MD5

02e3ce5f9cff3521b4e443a7a98955ab
SHA1

d022344ccf678b0d70f29770e54f836fb20eb737
SHA256

1551371a8c26e90e3ce229fd4f68351373e6bafcd7cfbe51e4892605bda772d0
SHA512

1ee18cda37cab9a25117fc609a6ecc088d89c40267679bb5e3b383e663e174996ab7c57a7a8d2d7ba92f33c40bcfd960ca94243902946fc9377a0780a0fa422d
SSDEEP

6144:SBsloyGJpqpn9PZZiQ3/0tAOVfuuJR+BnuonkENk6C8ZmMxonUMFO/NogCP2:S6XGJpqdNctbfpInuokWk6leQ2P2

Score

10^/10

laplas redline @sogood1337 clipper infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@sogood1337

C2

94.142.138.4:80

Attributes

auth_value
55bcb57dbab66d380a24118a44c40da2

Extracted

Family

laplas

C2

http://185.209.161.189

Attributes

api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

- Target
  
  02e3ce5f9cff3521b4e443a7a98955ab.bin.exe
- Size
  
  1.2MB
- MD5
  
  02e3ce5f9cff3521b4e443a7a98955ab
- SHA1
  
  d022344ccf678b0d70f29770e54f836fb20eb737
- SHA256
  
  1551371a8c26e90e3ce229fd4f68351373e6bafcd7cfbe51e4892605bda772d0
- SHA512
  
  1ee18cda37cab9a25117fc609a6ecc088d89c40267679bb5e3b383e663e174996ab7c57a7a8d2d7ba92f33c40bcfd960ca94243902946fc9377a0780a0fa422d
- SSDEEP
  
  6144:SBsloyGJpqpn9PZZiQ3/0tAOVfuuJR+BnuonkENk6C8ZmMxonUMFO/NogCP2:S6XGJpqdNctbfpInuokWk6leQ2P2
Score

10^/10

laplas redline @sogood1337 clipper infostealer persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasredline@sogood1337clipperinfostealerpersistencespywarestealer

behavioral2

redline@sogood1337infostealerspyware