General

  • Target

    Palmation.exe

  • Size

    774KB

  • Sample

    230713-phnvzagf35

  • MD5

    222dc22a19f7b727765a88993a083298

  • SHA1

    6b4ef2636ec2f909ef9956bcbc2b6a21c17ac381

  • SHA256

    d7cdca1d97dcd36ec44cdfa57cf055a89cbc65434fb5256720e121ffe6e186ea

  • SHA512

    8e0a919d28bd0433176eb3e87832bf9c0d674d95a457baacab46a4c0ec3c9264f4e96c3899c5233c5fa5c7070240b486bb03170601dabd1a6e299cb54d8901f0

  • SSDEEP

    24576:wIXq+/cLIcgjkTVPwPSqqbH/j0KT6k99Sxn86LjLNVD+aFFNYfm16bx3UU8TX2x9:w9l8FivQNw

Malware Config

Extracted

  • Family

    laplas

  • C2

    http://185.209.161.189

  • Attributes

    api_key: f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
