General

  • Target

    2aa0fe002aeee888c33dbb6864580e6c.bin

  • Size

    3.8MB

  • Sample

    230723-blbg6ach47

  • MD5

    e6d5df45cc3f84cad9380ce6a0a5946d

  • SHA1

    3e0a63913ae11898020b6da1bdc035a8898852a5

  • SHA256

    674c8d94cf9924732c53502672cd3dfcc3173f1c073e2f355eed447751abf286

  • SHA512

    b21c3f26f4c40413d05e436d4f5f8ef178c7f210b03c885c7c5e89ab21c65568d09b782cf5e5ef2fadf10aad35bbb549eef8efeb6faacbe5c9d8b8d77bb26dd9

  • SSDEEP

    98304:cTJyxZDMLJy5sMu2CPZ9tYBzmCgXg1ubxl5DB9dZd+iV0T:aiVMVy5sNZ9tZCgzlLLV0T

Malware Config

Extracted

Family

laplas

C2

http://185.209.161.89

Attributes
  • api_key

    6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Targets

    • Target

      e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2.exe

    • Size

      3.9MB

    • MD5

      2aa0fe002aeee888c33dbb6864580e6c

    • SHA1

      e10a14cede8f2e48ccd6fb5111583fcf5156030a

    • SHA256

      e522454c7fb915cb65e42e67ea9890df5ead1356053e563c43a1603f669c6fa2

    • SHA512

      0598092827b729fa9720f4fbd61087323fce6fb7318fb286784fcc125c5e64d69a0d9cdb57ee11ca0f7474dffd17b7af647ef71affafdb0fc608b705bd66d1fd

    • SSDEEP

      98304:LdD7hTCd16KI1cqLrUmolDD/0z+lzZQ57j:LJ7F4wcYUdRzI7j

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks