laplas | 030409973817ee077e21c1e2498eac05b8411303d34b893aa71e351abfac4693 | Triage

Sharing

General

Target

20b4ea1f84a5e558f9665e34dde6f63139f0d71308d7175b2b19f7d7a27415b6.zip
Size

191KB
Sample

230630-pkzp9aba52
MD5

d2d800f52ac066411b7103439bb21583
SHA1

66df569dfe2ce0c96031b0fa2a017975cc230998
SHA256

030409973817ee077e21c1e2498eac05b8411303d34b893aa71e351abfac4693
SHA512

93378778efdff3570e36e643dab0c470e7e74bed5c58f65b337a19b7480e094a6113d8d2952379484592ff6d61dc0a3f926cab8b48100057b0484305007ee564
SSDEEP

3072:Xjn8kGXCBLXaijHkWQHgROg1knPqLvsLa2WoFOgV8oSOS1Lu2N6tkIK:XzhGyBLXjHqAR9kPqLv0a2dtlSXN6tkl

Score

10^/10

laplas smokeloader 2023 backdoor clipper persistence stealer trojan

Malware Config

Extracted

Family

smokeloader

Botnet

2023

Extracted

Family

smokeloader

Version

2022

C2

http://c3g6gx853u6j.xyz/

http://04yh16065cdi.xyz/

http://33qd2w560vnx.xyz/

http://neriir0f76gr.com/

http://b4y08hrp3jdb.com/

http://swp6fbywla09.com/

http://7iqt53dr345u.com/

http://mj4aj8r55mho.com/

http://ne4ym7bjn1ts.com/

rc4.i32

rc4.i32

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

api_key
0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Targets

- Target
  
  20b4ea1f84a5e558f9665e34dde6f63139f0d71308d7175b2b19f7d7a27415b6.exe
- Size
  
  302KB
- MD5
  
  788bcefc172f4791f5e2be99c89c46b6
- SHA1
  
  4b7d3afd67739698137752e48d5155a45e466b76
- SHA256
  
  20b4ea1f84a5e558f9665e34dde6f63139f0d71308d7175b2b19f7d7a27415b6
- SHA512
  
  0ec74fceb28eb80b38088ffa1168fc59d44f36c84c1cef3807c7eb76159d3d0402d764b74335d0dda464fd8b2b5817b3d43a50ebc92a081fdd0756f36639a839
- SSDEEP
  
  6144:2+y6QL07GszPe06qLv0gnZJA8XD3cAyjEvJE:SQ7vN680gnTDMAyo
Score

10^/10

smokeloader 2023 backdoor trojan laplas clipper persistence stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloader2023backdoortrojan

behavioral2

laplassmokeloader2023backdoorclipperpersistencestealertrojan