General

  • Target

    2d3ac826e45c79aca3716316ae5b21bc.bin

  • Size

    3.2MB

  • Sample

    230723-bpd3fsdd61

  • MD5

    f3a660e1c684e755022e08ab3c491f6a

  • SHA1

    ff55cffbbc832dffc1a1997e30fb7fad4e661f70

  • SHA256

    2f9428fcf12b9d8a677d433062ebc720e6ae7685a36184aef06b91e55833c890

  • SHA512

    86aad64e90cfc4808bd530fec9f66c484dda422c6c3850dc1d22dd8ef05d08592c4d2b1b3e43a133ef9155c6a9f75d922822fad0052d65d5831645087e689d04

  • SSDEEP

    49152:1ija2vrdtCjlWvvE8rAd4hfyh74UxpkpJo4dlhjXgMu2KWBkZsPuJHWWDtI:4fdtwkv8h4hqN4Ux0oE0MuxWiKJ

Malware Config

Extracted

Family

laplas

C2

http://45.159.188.125

Attributes

  • api_key

    31cf151bf2fece27ec94ee6dd4ee6cab42d97a97af3e2973a8494cedd21b8ff1

Targets

    • Target

      DriverSuite_for_win.exe

    • Size

      691.4MB

    • MD5

      0921de5d31e038e028c90c0896e3795b

    • SHA1

      4d387009c73e2109d39c8973f41539e695fd5af3

    • SHA256

      53a2b56b6038b74e6b7a14a99bbe2c519beea909ff054a2aa8581f15691a40a3

    • SHA512

      735fe3254771d223ba57d69054f33b4deb8657ee6ffd80935ed9e83b20c64d2241c647b9b6cc1de34118fc2d7846627200a91e4cab114ae84c358566343dfed6

    • SSDEEP

      6144:H3ZKOCO0aqqfzF3OPxX/HbAOtuP794/KMC:H3lCO0Jbbujnb

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      SIack_Desk_v3-271.exe

    • Size

      327.1MB

    • MD5

      3f4ebbd015099b7dda989da99cfffe98

    • SHA1

      68365aef1196198f6a0b20d2b0dbb95283b3aa3e

    • SHA256

      200c1b45309cc260c962043eae635c5094c0884d06acc37f03c09a849c688f84

    • SHA512

      f8394ebe9c6b4a897e5a764dec44c1d38da101eaf0a3091657f8c3174d3979176300aed1eb698f596b0ba58c41522db7a1cc5c61983e01711baafe916f89313a

    • SSDEEP

      49152:TtSHkCyvh0uhRLTxd+K7EIrbgGCpLXadU/8IrOZHZVRcfM62d7Ep3W/61jn+E0t:T5veub/x6ebgGCpLXSRZ0msx973u

    • Score

      7/10

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target

      rev_3286/AppXRuntime.admx

    • Size

      3KB

    • MD5

      88d794ea092ef395433cfa321d06e5e4

    • SHA1

      f1f7c7dfbd04ac5a92cbde88bd4f087781d63c40

    • SHA256

      5afc969e4212a6511f307385c99b8868e8c873183dc271bbb95ba571b24eb53e

    • SHA512

      ebb770102b8202de4bb7319cbc2cda860e4de5d1e95f0fbef4d4890aa2b22cd48cf73909d028a37b507926b4fad573716fba16e50b8f9eca8d5feab00ac17cca

    • Score

      3/10

    • Target

      rev_3286/AuditSettings.admx

    • Size

      1KB

    • MD5

      9a36a7410b4ef98b36da553e050b9788

    • SHA1

      4ba6e5225a7c5daf30f4947b9288b708e8e557e8

    • SHA256

      ebac316580540b7ee8e399f890470527e456f2c6a103fcc899f4b2442d8e69f7

    • SHA512

      7cd81f2bedde51bca3a1f5a0889870be71ef521e5c331f1c8ba4ce97bf604adfff6cafa0fe707ed55df62bc340c45baa189e3d07f20a466ee7254f3c6abe6b74

    • Score

      3/10

    • Target

      rev_3286/EventForwarding.admx

    • Size

      1KB

    • MD5

      ef4ad318ea464cde69829a9201d7d526

    • SHA1

      a3b7cc6ebb70c45cd752121d0afa30a35b72c9d3

    • SHA256

      8e3854b06f7dfef7c0e68e1258f1d33a4b888a97f075a5d25757fa987acb5704

    • SHA512

      0abca7fa5c44572841fab002f19d05756f5566b8e3ce6d172662a37ae7053d9d0838639e2ec5843ec8d5c9c05205dc6dd150eb4f91ecebefef6afefb370d869b

    • Score

      3/10

    • Target

      rev_3286/ExternalBoot.admx

    • Size

      2KB

    • MD5

      ada14c9e12ebb088628c86ada31184e6

    • SHA1

      a2578366538e3de9ea2c047372217a3ff3ff25fb

    • SHA256

      4bd2d8e664271482adfdb53411298577d2bb7c5cf18a6fff30fd8f40abb17ff4

    • SHA512

      147a0d77b2c8e66a97d22e62d15248fc93c0a82d8529628a9612c7aac7dc48ccb3ca8fda317ccc0372e0c9001e8cdf8fa8d12e47d84412df3ddee0b1bebbd93f

    • Score

      3/10

    • Target

      rev_3286/FileSys.admx

    • Size

      6KB

    • MD5

      499e7751b019078a8a997d67e8805686

    • SHA1

      8d3bc566a990569dcd87a4862f4ea74b5a8d7696

    • SHA256

      bc713bc684b0bdda9342da9fa7e36caf7f328f32915144c6eca49b674917df88

    • SHA512

      0ccb75c55eeddfaaaf658087904bfca12c520d542789527e1248785ead66bf9f3de8478b2661814f549c6ec0bf8ebaefa1ec250199b1a6e3ccf95f6f60637d12

    • SSDEEP

      192:sYl9Bi4JFLHTSRPTsOyA0VXAQsMAy5PVzRMS6l0TE:ztJFLHTSRPTsOylXgMf9zRMV2E

    • Score

      3/10

    • Target

      rev_3286/SkyDrive.admx

    • Size

      2KB

    • MD5

      a94642be85e83bd11fe2edc8ee57a052

    • SHA1

      cce07bcc7dbe8bfef8f9397c8b6e76b96ddc9aa9

    • SHA256

      da3489644a56924340c30ba06dca8d02ac68a772c1971ebeedfb07767ea6f1ee

    • SHA512

      cfe4f318b08c3924c51eb679541b3a8d8d36cb47ffb5ebd9d979d254c1cba8782dfd8757f748944967392608dcc1775fdf82b9324b03481314b1f661a085b733

    • Score

      3/10

    • Target

      rev_3286/WinCal.admx

    • Size

      1KB

    • MD5

      bede56a7aef6b3db49ab7d2eb3f2870a

    • SHA1

      bc18289b953a8ac6c0c8e519f72e6adee933ff98

    • SHA256

      1fc29fc668043aa03ffeb2d61868d3369479c3cef2c4725d162cf5344dcbdcfa

    • SHA512

      2bde0a5f1983b08379c262f86aadf8635834674981faf7feb3ebc39b12ece95b21203be82fde2fe88f6a662836374a7ac3d6fb8057d5273923259b3af206a3a6

    • Score

      3/10

    • Target

      rev_3286/WorkplaceJoin.admx

    • Size

      1KB

    • MD5

      4a94b4f104af2c09215eb52d7f84f748

    • SHA1

      5c414d468a0b571ca9fec00364dd4e2a185dbe92

    • SHA256

      5fabf5c534f78ce92bf7daa6d4ade2dd61002e689a8246928209bf38d7bf1bee

    • SHA512

      971a7f298fb6ece17bd9e02d636988960b4955ed8c6e44d271f4405e06268b65db6ce396caeeb41113ef2d220418c7c0bd48f3dc5852de76331eec0307516af4

    • Score

      3/10

    • Target

      rev_3286/inetres.admx

    • Size

      1.6MB

    • MD5

      39f0d8dbbe07170c55ff82ff6e0f137e

    • SHA1

      9968c17e869250de0bfb2353362ff981b1152b9c

    • SHA256

      5b9d8f4735a3bfc022542f617c2fd77dbe4b0bfbb506d51e1ed0adf896155356

    • SHA512

      9f27dd0e757cc4b8a6c3e83e4044068440547380fa91d1580b00f1b62f07822376744ee65bb5eafddc4a35b6048b8f32209d00766f88bf09df9847053c1df3c3

    • SSDEEP

      3072:0wQADKm6VNTp6qpxFwFVSl9t4VpR+4Mlu8ROYg1V:eWPq3yrvMD8Yg1V

    • Score

      3/10

    • Target

      rev_3286/msched.admx

    • Size

      2KB

    • MD5

      96d22e893dfb610e2fcbf06487747388

    • SHA1

      99a792caa380276f43687b2ac36f42585d642c77

    • SHA256

      295ed67096dff66228e1069fe6f6435f829a7172983c49906f7ffd4a3e210cc0

    • SHA512

      2bf1485d0e5907eab1d472364c35ba7eaf51f4a9cd3ddae64770fdcc3c8b2729a5d2e0684d058df7f8b9c5015ebdf7ffbc65c1a7fd9f402615164f66a40ea27c

    • Score

      3/10

    • Target

      rev_3286/syscond-en-US/ActiveXInstallService.adml

    • Size

      5KB

    • MD5

      46876b1e6c8ba1fbf3abc838ccf809b0

    • SHA1

      45ce70edd0ca87a5920d43385066087df134e30f

    • SHA256

      f49428cabb6f6671d95ef214133100c268d2ab04dbf0f095dd08b0105ed9d8a7

    • SHA512

      702c319b2d181753be99d99c3dff9f6c578934067c89a614e9e4b0a5da6a0fb3545a3ba4986e12e9da5de8c6af56780982d181a8d949a6e573af725e2505deca

    • SSDEEP

      48:cgeD5x8gm0fUsPXKn5o3OqALPLFS31U87GUkNAsGNuiYzXmoOX1mTXoWlIGe0FsC:LeD5pmKeC3G8SsuiYR1Pl7e0V4zZpBsV

    • Score

      3/10

    • Target

      rev_3286/syscond-en-US/AddRemovePrograms.adml

    • Size

      10KB

    • MD5

      dfe20a0ca8674d6eaea280c139e2688a

    • SHA1

      97027b92d40f5029ff296a9ea3105b775b50c209

    • SHA256

      c97cd236f8be2b235685d3d16632482839208604db3f550f9524eafda33b9ca9

    • SHA512

      120c45bd17045b6f3d4a9295e1888d81ffa99ed0f1d146aa2eec387c1187eef8c718179771bc0cdbe01a37a487d933f55c92f6f37954f392f007cbfaa2aec877

    • SSDEEP

      192:Eyvs59wT2mCtKNSMRdMi4LBDZDHZEzT+ygx5LDkFdzj9nWyihWhqeGzpbeEKJ28m:ZvyiCDdyTO54zj9na8hqe6pbeEK5jq

    • Score

      3/10

    • Target

      rev_3286/syscond-en-US/AppCompat.adml

    • Size

      9KB

    • MD5

      93c28840d18ed15af63308926f5aac66

    • SHA1

      5ed7a8056f1e8a68fea17c6ef81b695df8a3ea70

    • SHA256

      0ac43a8df0e8795968c0f9b6ecc6fbf620b761c128545ad689eec5dff21f5f1d

    • SHA512

      653b9905dc0bbde62f06efa1c613f4e4a0823331d31d396db0226fdb41a9ad4d148c1b5dabfa0ca64a74156f5ad446428f3344ffe75828a7c8225d3f0d214758

    • SSDEEP

      192:EsMVhCuGKXl6hIAtZUqxw66Utw0Uvk3EUN2X/TDcvEn:J/uX6GAjj6mcvk3EUN2XXcvQ

    • Score

      3/10

    • Target

      rev_3286/syscond-en-US/AppXRuntime.adml

    • Size

      4KB

    • MD5

      bf19db2e91edefe517515ba23b30103e

    • SHA1

      324d98b315d7f8e096d8d61505610706d0c73856

    • SHA256

      42778994d23cdb74c446e70c30942991e89df6aacc1225aebb05464d69da6dec

    • SHA512

      9c193cd9597f90913643cdd2079e36930e60b6ab539d96ba0d5da7ea2b5dde0b78d7451d0a4ac37cbbb8a90c548285fbf640099eda949665e186586d893adb14

    • SSDEEP

      96:jJpm5IJUVaBfgHt6kNEmB+kClbNpbj03V:Xc3AIHF20F

    • Score

      3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

laplas clipper persistence stealer
Score
10/10

behavioral2

laplas clipper persistence stealer
Score
10/10

behavioral3

spyware stealer
Score
7/10

behavioral4

spyware stealer
Score
7/10

behavioral5

Score
1/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
3/10

behavioral13

Score
1/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
3/10

behavioral17

Score
1/10

behavioral18

Score
3/10

behavioral19

Score
1/10

behavioral20

Score
3/10

behavioral21

Score
1/10

behavioral22

Score
3/10

behavioral23

Score
1/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
3/10

behavioral27

Score
1/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
3/10

behavioral31

Score
1/10

behavioral32

Score
3/10