General

  • Target

    17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554

  • Size

    3.1MB

  • Sample

    230725-pterfadb6v

  • MD5

    18658dec7775fa53f081b892d6a2b027

  • SHA1

    fa8d901c7aac70e2c37544883ce087e48c6302d1

  • SHA256

    17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554

  • SHA512

    cae5c6041b22b507ce66cb3b6509ff692b359748791aa93e006e1a700ff3cd439314823d070ff869ca4aac8fb8c2ac41d8de134bd1802693833b6cec7464f56d

  • SSDEEP

    98304:F28fuEzm1Q1n5oIVb0cCU/8j+okSprZHm87mv2B9:swm1o5pF4U/UhkSprZHJT

Malware Config

Extracted

Family

laplas

C2

http://lpls.tuktuk.ug

Attributes
  • api_key

    a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

    • Target

      17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554

    • Size

      3.1MB

    • MD5

      18658dec7775fa53f081b892d6a2b027

    • SHA1

      fa8d901c7aac70e2c37544883ce087e48c6302d1

    • SHA256

      17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554

    • SHA512

      cae5c6041b22b507ce66cb3b6509ff692b359748791aa93e006e1a700ff3cd439314823d070ff869ca4aac8fb8c2ac41d8de134bd1802693833b6cec7464f56d

    • SSDEEP

      98304:F28fuEzm1Q1n5oIVb0cCU/8j+okSprZHm87mv2B9:swm1o5pF4U/UhkSprZHJT

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks