
General

  • Target

    2aa0fe002aeee888c33dbb6864580e6c.bin

  • Size

    3.8MB

  • Sample

    230723-blbg6ach47

  • MD5

    e6d5df45cc3f84cad9380ce6a0a5946d

  • SHA1

    3e0a63913ae11898020b6da1bdc035a8898852a5

  • SHA256

    674c8d94cf9924732c53502672cd3dfcc3173f1c073e2f355eed447751abf286

  • SHA512

    b21c3f26f4c40413d05e436d4f5f8ef178c7f210b03c885c7c5e89ab21c65568d09b782cf5e5ef2fadf10aad35bbb549eef8efeb6faacbe5c9d8b8d77bb26dd9

  • SSDEEP

    98304:cTJyxZDMLJy5sMu2CPZ9tYBzmCgXg1ubxl5DB9dZd+iV0T:aiVMVy5sNZ9tZCgzlLLV0T

Malware Config

Extracted

Family

laplas

C2

http://185.209.161.89

Attributes

  • api_key

    6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Targets

    • Target

      e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2.exe

    • Size

      3.9MB

    • MD5

      2aa0fe002aeee888c33dbb6864580e6c

    • SHA1

      e10a14cede8f2e48ccd6fb5111583fcf5156030a

    • SHA256

      e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2

    • SHA512

      0598092827b729fa9720f4fbd61087323fce6fb7318fb286784fcc125c5e64d69a0d9cdb57ee11ca0f7474dffd17b7af647ef71affafdb0fc608b705bd66d1fd

    • SSDEEP

      98304:LdD7hTCd16KI1cqLrUmolDD/0z+lzZQ57j:LJ7F4wcYUdRzI7j

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
