laplas | e5bc55ce98909742d2f1353b3bc8749ecc71206a5b8fa2e656d2a3ae186c1e63 | Triage

Sharing

General

Target

07238099.exe
Size

557KB
Sample

230621-qxjp8sbb2t
MD5

b76188bafa717975768bd24d09ffeb09
SHA1

f623849274e0303a33a20f28d5b972869b89f947
SHA256

e5bc55ce98909742d2f1353b3bc8749ecc71206a5b8fa2e656d2a3ae186c1e63
SHA512

859f1fd0877779779059fad437d8ddf5b0bd7e0f4fb724dfe1cc9bee069f2cc8339e7bfdb94fa5d0e65d0fbfb72a9cbe18c578cb249c7a12cbbda59282ab5b43
SSDEEP

12288:p/XPduH5pchAXVcDy2sol2Eq3Upx5wFoSTJrT:pNu0hw0y2xOU4T

Score

10^/10

laplas clipper stealer

Malware Config

Extracted

Family

laplas

C2

clipper.guru

Attributes

api_key
afc950a4a18fd71c9d7be4c460e4cb77d0bcf29a49d097e4e739c17c332c3a34

Targets

- Target
  
  07238099.exe
- Size
  
  557KB
- MD5
  
  b76188bafa717975768bd24d09ffeb09
- SHA1
  
  f623849274e0303a33a20f28d5b972869b89f947
- SHA256
  
  e5bc55ce98909742d2f1353b3bc8749ecc71206a5b8fa2e656d2a3ae186c1e63
- SHA512
  
  859f1fd0877779779059fad437d8ddf5b0bd7e0f4fb724dfe1cc9bee069f2cc8339e7bfdb94fa5d0e65d0fbfb72a9cbe18c578cb249c7a12cbbda59282ab5b43
- SSDEEP
  
  12288:p/XPduH5pchAXVcDy2sol2Eq3Upx5wFoSTJrT:pNu0hw0y2xOU4T
Score

10^/10

laplas clipper stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

laplasclipperstealer

behavioral2

laplasclipperstealer