General

  • Target

    b95ae0c815dc8fc44d8c8bbde1e853b96c3e1389fb30bcdf1d68f8e6a74b3106

  • Size

    3.8MB

  • Sample

    230727-2kyt6saa69

  • MD5

    9b79f724b8ed77f9e3ce6a71b4cf909d

  • SHA1

    455751b77ffb738d260c6388f191aa590c40eb50

  • SHA256

    b95ae0c815dc8fc44d8c8bbde1e853b96c3e1389fb30bcdf1d68f8e6a74b3106

  • SHA512

    0feb6c94b6c8fbceb8e63b0629e33d72c6080003203080b7d376a0bdf3f1a3a170bd19e1ce81ba284ea15d96414f57031361ac3dbbadf3c13090d86798906fad

  • SSDEEP

    98304:egg3eNxij7+KwZL+iHkrzLSAu1SEJVARl0080jeG3KshnA:hguNxZB/RSE4W2ys5A

Malware Config

Extracted

Family

laplas

C2

http://206.189.229.43

Attributes

  • api_key

    f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks