General

  • Target

    DriverSuiteforwin.exe

  • Size

    248KB

  • Sample

    230722-h9h1gaad71

  • MD5

    5204e5160631e610268e2f9c37e0e0fd

  • SHA1

    62894f9984688dfa89c107d87468299880a8423e

  • SHA256

    977576b2524a137c9477d4ecbe5530a63c3b40e143dbf499f58cd1c5dfd5a2b2

  • SHA512

    895111cdb7014ec3c985f3f4b901d42d68a85a674d4bf08df568f6df7ad34e1bd18024cf0b3652b35ee6f7072999ed043625b3ec36a427e90e5370835770cd92

  • SSDEEP

    6144:H3ZKOCO0aqqfzF3OPxX/HbAOtuP794/KM:H3lCO0Jbbujn

Malware Config

Extracted

Family

laplas

C2

http://45.159.188.125

Attributes
  • api_key

    31cf151bf2fece27ec94ee6dd4ee6cab42d97a97af3e2973a8494cedd21b8ff1

Targets

    • Target

      DriverSuiteforwin.exe

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
