Overview

overview

10

Static

static

3

77exe.exe

windows7-x64

10

77exe.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2023 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    77exe.exe

  • Size

    1.9MB

  • MD5

    b109489b8bb8ca8d3c5381dd2969ddaf

  • SHA1

    d9579ddc7520d109cb04eb79e47effafb842134a

  • SHA256

    379b9ee5c7de68fe8174c3f6668b2629ef40df26dfbb472deee14dbb79cc8fa9

  • SHA512

    f967b83e22831b814f8ac92c5438af1c47b34321feda3b779ab65e70d8e8192ece86e4482d870b6fb37734fa689f10652ff57ab71388988f71a15290772557ac

  • SSDEEP

    49152:fcntI+Q5GuoQZyk0FXjlCt7JDjWPmMCr0fjYmzEm8SOD:0nT3TFAttXZMCr5muD

Score
10/10
laplasclipperpersistencestealer

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    0be23a6bec914a7d28f1aae995f036fdba93224093ddb48d02fe43e814862f4e

Signatures

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77exe.exe
    "C:\Users\Admin\AppData\Local\Temp\77exe.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4356
    • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      2⤵
      • Executes dropped EXE
      PID:396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    703.9MB

    MD5

    f7d4bc53b62ad80b7e78a3de06fed5bf

    SHA1

    b5800fa67e5a6c5ea768c8756d003a745dc155a0

    SHA256

    db63bcf4fe2be23f4c06fee2857e296fd3007083eb910ae55d1dc9c47aba4585

    SHA512

    9745f8fc3a14ca725fefc888c64de7483df36b842173b48abc1fc27cfb894039eca4a7496d340b64474c2022c27a28fcd58e000d76f8ef5f943d593b6f8b65e9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    Filesize

    703.9MB

    MD5

    f7d4bc53b62ad80b7e78a3de06fed5bf

    SHA1

    b5800fa67e5a6c5ea768c8756d003a745dc155a0

    SHA256

    db63bcf4fe2be23f4c06fee2857e296fd3007083eb910ae55d1dc9c47aba4585

    SHA512

    9745f8fc3a14ca725fefc888c64de7483df36b842173b48abc1fc27cfb894039eca4a7496d340b64474c2022c27a28fcd58e000d76f8ef5f943d593b6f8b65e9

    Download Submit

  • memory/396-146-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-147-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-141-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-142-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-143-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-144-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-154-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-153-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-148-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-149-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-150-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-151-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/396-152-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4356-139-0x0000000000400000-0x0000000001CE6000-memory.dmp

    Filesize

    24.9MB

    Download

  • memory/4356-134-0x0000000003D00000-0x00000000040D0000-memory.dmp

    Filesize

    3.8MB

    Download