laplas | 6245c07bf0750103927e9040861ef8b7dd5542d0e58bf5224830d2da89da391f | Triage

Submit
Reports

Overview

overview

Static

static

1

installer.zip

windows10-2004-x64

Sharing

General

Target

installer.zip
Size

1.5MB
Sample

230706-qzl85sbg64
MD5

98a2b3e1a3ffe6bf93e15f580b8a0172
SHA1

d4100db083f42a3e4d872c52e2409ebb66382505
SHA256

6245c07bf0750103927e9040861ef8b7dd5542d0e58bf5224830d2da89da391f
SHA512

63df92f9d69a470834e11b337bbc85fa033a5c92c4a9c7a0fd2dcce90c03cfef03ce39cb7e1062b10f7a0b81abfe559bfe9b8124c3bb7771886a3e3da8d17720
SSDEEP

49152:RubvnOfAShPr98xN4ACTXtoGj72uk3l9Yvxrs:gbPOfAShPr9874dWY72ui6o

Score

10^/10

laplas redline 0407 @hddwet clipper discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

installer.zip

Resource

win10v2004-20230703-en

laplas redline 0407 @hddwet clipper discovery infostealer persistence spyware stealer

windows10-2004-x64

30 signatures

1200 seconds

Malware Config

Extracted

Family

redline

Botnet

@hddwet

C2

94.142.138.4:80

Attributes

auth_value
7ea037c98a7d3534ffcae43a97e29278

Extracted

Family

redline

Botnet

0407

C2

89.23.96.198:24230

Attributes

auth_value
09f9c337ba96f35d1b35a378ca190d67

Extracted

Family

laplas

C2

http://185.209.161.189

Attributes

api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

- Target
  
  installer.zip
- Size
  
  1.5MB
- MD5
  
  98a2b3e1a3ffe6bf93e15f580b8a0172
- SHA1
  
  d4100db083f42a3e4d872c52e2409ebb66382505
- SHA256
  
  6245c07bf0750103927e9040861ef8b7dd5542d0e58bf5224830d2da89da391f
- SHA512
  
  63df92f9d69a470834e11b337bbc85fa033a5c92c4a9c7a0fd2dcce90c03cfef03ce39cb7e1062b10f7a0b81abfe559bfe9b8124c3bb7771886a3e3da8d17720
- SSDEEP
  
  49152:RubvnOfAShPr98xN4ACTXtoGj72uk3l9Yvxrs:gbPOfAShPr9874dWY72ui6o
Score

10^/10

laplas redline 0407 @hddwet clipper discovery infostealer persistence spyware stealer
- Laplas Clipper
  Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
  stealer clipper laplas
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Hidden Files and Directories

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

laplasredline0407@hddwetclipperdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy