General

  • Target

    8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034

  • Size

    4.2MB

  • Sample

    230713-aj1tlafh8w

  • MD5

    6dc144922cd53d27b561798e3c783a88

  • SHA1

    9b73c41a5ed06eab41ed06d9d908993f6f78f09c

  • SHA256

    8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034

  • SHA512

    5152eeeb47bee872fd6a6cb10e733eb8a0ecc825dc3f05a566ebe8cc5060192b0d3fa17281d3f35b7903de0d0984f08c84528edd3aa871bdfb06185ad5e282f9

  • SSDEEP

    98304:FqAOShxAY+cI3/fehOao7p0j6zlMlNQUgNK/iEJiFU0Nk:FqAOShGND3/fehVZ6JM+NKaEEFU0

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes

  • api_key

    f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79

Targets

    • Target

      8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034

    • Size

      4.2MB

    • MD5

      6dc144922cd53d27b561798e3c783a88

    • SHA1

      9b73c41a5ed06eab41ed06d9d908993f6f78f09c

    • SHA256

      8fb576e716932b3b621c16cacbc09649b466335236f0fa0875ffb7706dab0034

    • SHA512

      5152eeeb47bee872fd6a6cb10e733eb8a0ecc825dc3f05a566ebe8cc5060192b0d3fa17281d3f35b7903de0d0984f08c84528edd3aa871bdfb06185ad5e282f9

    • SSDEEP

      98304:FqAOShxAY+cI3/fehOao7p0j6zlMlNQUgNK/iEJiFU0Nk:FqAOShGND3/fehVZ6JM+NKaEEFU0

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks