laplas | a9be7e54f52ab225e7165e867cf64ab5e41649f51ddd60625bd79b1c372c6e53 | Triage

Sharing

General

Target

a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.zip
Size

206KB
Sample

230630-pkz11sbh5z
MD5

65678409877207e0ab2bf657e0a5d340
SHA1

c464481cd2a89cfca86b6dd8949ed40760aa165f
SHA256

a9be7e54f52ab225e7165e867cf64ab5e41649f51ddd60625bd79b1c372c6e53
SHA512

c8db922a1346cf5fc7d3b2b52dfc1cf5f6a11a1336ed9b035ab5b2478d60fb7543de972480f221e04afc59376a5d0ba9d21b26fe7f7002b62418b6f206673345
SSDEEP

3072:j3lchkRwSpP8Y5qFOS+QHMkiZI5AXeQRYhKbrwfBVW8VrMaMEkQDXz:LlcO6YE35HM/Z2+gx5FMEHj

Score

10^/10

laplas smokeloader 2023 backdoor clipper persistence stealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

2023

Extracted

Family

smokeloader

Version

2022

C2

http://c3g6gx853u6j.xyz/

http://04yh16065cdi.xyz/

http://33qd2w560vnx.xyz/

http://neriir0f76gr.com/

http://b4y08hrp3jdb.com/

http://swp6fbywla09.com/

http://7iqt53dr345u.com/

http://mj4aj8r55mho.com/

http://ne4ym7bjn1ts.com/

rc4.i32

rc4.i32

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Targets

- Target
  
  a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a.exe
- Size
  
  319KB
- MD5
  
  85326f203daea8bc2130d1809bcb6b5c
- SHA1
  
  24077c1f68653d460c115be272906f5c4777192f
- SHA256
  
  a108cb7fb55413596c27e5c26ab7504de599e3887fc89270d0d3610ac3c81c7a
- SHA512
  
  6970dc52fc42c7ca1104b20229f2d6d3f077a873b04d00f0a48ab5a8889fd16f3ad2fb33b311749c26d3cba9a333ec2712acf809052061ad7c46133cb0e4058a
- SSDEEP
  
  6144:NuLAX+WXLHBsVS5/Z2+LFECBUMHmRIXD3cAyjEvJEMrbO:A6+WX7Bsmk+LFtBUMGRmDMAyoh
Score

10^/10

smokeloader 2023 backdoor trojan laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader2023backdoortrojan

behavioral2

laplassmokeloader2023backdoorclipperpersistencestealertrojan