General

  • Target

    6bbcf743fa00cfa33aa60a923d319850111d610b44cfdbe1b5dc6c672f177a8f

  • Size

    4.4MB

  • Sample

    230722-ffs78shf88

  • MD5

    24c40e66db640789a022cb839b28d476

  • SHA1

    b6000f4b0e71ce952267e7e5728bc4181877c497

  • SHA256

    6bbcf743fa00cfa33aa60a923d319850111d610b44cfdbe1b5dc6c672f177a8f

  • SHA512

    481240b66ac8eb61b8a9aa6e22e14abdffba7869695c7b92214029a714b619319d3c50bc640e79bf790de309d5a412f4e0fecabc1082acd52d1984c8c8f8f0cd

  • SSDEEP

    98304:/C0+qzz+DpM8iptpFvoyDz8nFEPlSV20WKeaGLjc1TLAOjs5O:K0X2dM8iPpF/Dz8nFSl90WWGLjc1HAOd

Malware Config

Extracted

Family

laplas

C2

http://lpls.tuktuk.ug

Attributes
  • api_key

    a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
