General

  • Target

    f4695fd70f1ed48d7e31f7ba81380059.exe

  • Size

    4.9MB

  • Sample

    230720-j29nwsec21

  • MD5

    f4695fd70f1ed48d7e31f7ba81380059

  • SHA1

    960a03052f1b240e9f44ea416ff7e65358d8a41a

  • SHA256

    626a5e1642d856a65b62dc2dff5b1369fa3bd66b000278db83d2d5d67e8289ed

  • SHA512

    04a5b544869cc408b66e0f2e9e669b6bc5f366bf9acd2f3d792176e8506f8808dd0cef27d7d3b8c52542566529e0dcec2d1fa0467e96f46a9013a663dff2fc59

  • SSDEEP

    98304:zomYgKWWA1fGjzpSmL7CfDbHsATgXCagCpSP/0aJ67k0w6wdTM:ELgKWfQzDLWTcClCpwyk0w9M

Malware Config

Extracted

Family

laplas

C2

http://168.100.10.236

Attributes
  • api_key

    f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79

Targets

    • Target

      f4695fd70f1ed48d7e31f7ba81380059.exe

    • Laplas Clipper

      Laplas is a clipboard hijacker ("clipper") sold as a service. It watches the clipboard for cryptocurrency wallet addresses and replaces them with attacker-controlled lookalike addresses served by its web panel; the api_key extracted above is the key the bot presents to that panel. Three variants exist, written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      A VirtualBox guest exposes ACPI tables named VBOX__ under HKLM\HARDWARE\ACPI (DSDT, FADT and RSDT); reading those keys is a common check for a VM or sandbox before the payload runs.

    • Checks BIOS information in registry

      The SystemBiosVersion and VideoBiosVersion values under HKLM\HARDWARE\DESCRIPTION\System name the hypervisor vendor inside a VM, so they are often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      A value written under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) starts the program at every logon; this is the sample's persistence.

    • Checks whether UAC is enabled

      Reads the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger information class (0x11) stops the thread from delivering debug events, so breakpoints and single-stepping in it no longer reach an attached debugger; an anti-debugging technique.
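The signatures above are behavioural: each one is a registry, API, file or network event the sandbox observed. The following is an added example (my code, not the sandbox vendor's detection logic and not the malware's code) that replays that mapping over a constructed trace, so the step from raw event to report signature is explicit. The "source|operation|target" line format is an assumption standing in for a real sandbox log; the registry paths and the ThreadHideFromDebugger class value 0x11 are real Windows artifacts, and the C2 address is the one extracted above.

```python
"""Map raw sandbox events to the behavioural signatures listed in this report.

Added example for this page, not the sandbox vendor's code and not the
malware's code. The "source|operation|target" trace format is a constructed
stand-in for a real sandbox log.
"""
import re

# Indicator taken from the report's extracted config.
C2_HOST = "168.100.10.236"

# Stateless rules: (report signature, event source, regex over "operation|target").
RULES = [
    ("Identifies VirtualBox via ACPI registry values", "registry",
     re.compile(r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry", "registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(System|Video)BiosVersion", re.I)),
    ("Checks whether UAC is enabled", "registry",
     re.compile(r"\\Policies\\System\\EnableLUA$", re.I)),
    # Only a write to the Run key is persistence; reads of it are routine.
    ("Adds Run key to start application", "registry",
     re.compile(r"^RegSetValueEx\w*\|.*\\CurrentVersion\\Run\\", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "api",
     re.compile(r"^NtSetInformationThread\|.*ThreadInformationClass=0x11\b", re.I)),
    ("Contacts Laplas C2 from report", "network",
     re.compile(re.escape(C2_HOST))),
]

# Constructed trace: what a sandbox might record for this sample. Not real data.
TRACE = r"""
registry|RegOpenKeyExW|HKLM\HARDWARE\ACPI\DSDT\VBOX__
registry|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion
registry|RegQueryValueExW|HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion
registry|RegQueryValueExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
registry|RegQueryValueExW|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
api|NtSetInformationThread|ThreadInformationClass=0x11
file|WriteFile|C:\Users\Public\svchost.exe
file|WriteFile|C:\Users\Public\libcrypto.dll
registry|RegSetValueExW|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost=C:\Users\Public\svchost.exe
api|CreateProcessW|C:\Users\Public\svchost.exe
api|LoadLibraryW|C:\Users\Public\libcrypto.dll
api|CreateProcessW|C:\Windows\System32\cmd.exe
network|HTTP GET|http://168.100.10.236/
"""


def parse_trace(text):
    """Split a trace into (source, operation, target) tuples; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        source, operation, target = line.split("|", 2)
        events.append((source, operation, target))
    return events


def match_signatures(events):
    """Return {signature: [targets]} for every report signature the trace supports."""
    hits = {}
    dropped = set()  # paths this process wrote; needed for the two stateful signatures
    for source, operation, target in events:
        if source == "file" and operation == "WriteFile":
            dropped.add(target.lower())
            continue
        if source == "api" and operation == "CreateProcessW" and target.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(target)
            continue
        if source == "api" and operation == "LoadLibraryW" and target.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(target)
            continue
        for name, rule_source, pattern in RULES:
            if source == rule_source and pattern.search(f"{operation}|{target}"):
                hits.setdefault(name, []).append(target)
    return hits


def triage(text):
    """Parse, match and summarise: the summary is what an analyst reads first."""
    hits = match_signatures(parse_trace(text))
    evasion = [s for s in hits if "VirtualBox" in s or "BIOS" in s or "HideFromDebugger" in s]
    return {
        "signatures": sorted(hits),
        "evasion_checks": len(evasion),
        "persistence": "Adds Run key to start application" in hits,
        "family": "laplas" if "Contacts Laplas C2 from report" in hits else None,
    }


if __name__ == "__main__":
    for name, targets in match_signatures(parse_trace(TRACE)).items():
        print(f"{name}: {targets}")
    print(triage(TRACE))
```

The two stateful signatures ("Executes dropped EXE", "Loads dropped DLL") are the ones a plain regex cannot express: the trace has to show the file being written before the same path is executed or loaded, which is why the example keeps the set of dropped paths. Against a real sandbox export, replace the constructed line format with that product's event schema and keep the rules.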

MITRE ATT&CK Enterprise v6