General

  • Target

    18658dec7775fa53f081b892d6a2b027.bin

  • Size

    3.1MB

  • Sample

    230727-bcxn2ahd6w

  • MD5

    6fcbbba89adf250c7cd231f5896f16cc

  • SHA1

    83c7ebf0c303dc3435fe12d89bf07c512e02263f

  • SHA256

    7e8bcb5a4cf982060f3f7fbb291e672849267ef3004034f739e18a2c5c90ae53

  • SHA512

    7ee5f72b78bf2df8b498a5c8f9e67adea0f8253fda3aacc0f560cce46e222ba20b6119f18c4d8523942b267d4e0152713285d3dc5d39623b4ec983f209da2984

  • SSDEEP

    49152:3Rwbb9o64lZQBDbegiMjrXvFNzJY0TYW3irI2w083fFlx3nMHNaD2zeCHQSE0sqP:4C64rQBOIfXvlcafPynLX9sqP

Malware Config

Extracted

Family

laplas

C2

http://lpls.tuktuk.ug

Attributes
  • api_key

    a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

    • Target

      17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554.exe

    • Size

      3.1MB

    • MD5

      18658dec7775fa53f081b892d6a2b027

    • SHA1

      fa8d901c7aac70e2c37544883ce087e48c6302d1

    • SHA256

      17ca2de661fa07dd83a55a5005c61eb8aee1e9cab56e9a13bc36a27f4b785554

    • SHA512

      cae5c6041b22b507ce66cb3b6509ff692b359748791aa93e006e1a700ff3cd439314823d070ff869ca4aac8fb8c2ac41d8de134bd1802693833b6cec7464f56d

    • SSDEEP

      98304:F28fuEzm1Q1n5oIVb0cCU/8j+okSprZHm87mv2B9:swm1o5pF4U/UhkSprZHJT

    • Laplas Clipper

      Laplas is a clipper-type crypto wallet stealer: it watches the Windows clipboard for cryptocurrency wallet addresses and silently replaces them with attacker-controlled addresses so that payments are diverted. Three variants exist, written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM): VirtualBox guests expose ACPI tables with the OEM ID VBOX__ under HKLM\HARDWARE\ACPI\, so their presence in the registry identifies the hypervisor

    • Checks BIOS information in registry

      BIOS vendor, version and date strings (under HKLM\HARDWARE\DESCRIPTION\System) are often read in order to detect virtual machines and sandboxing environments, whose values name the hypervisor or analysis platform.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application (persistence via a ...\Microsoft\Windows\CurrentVersion\Run value pointing at the dropped executable)

    • Checks whether UAC is enabled (typically by reading EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System)

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger: a thread flagged this way no longer delivers debug events to an attached debugger, a common anti-debugging trick
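The behaviours listed above are what a sandbox signature engine derives from the sample's API trace. As an added example, not the report's or the sandbox's own signature code, the following Python triages a constructed JSON-lines API trace for the same signals: the NtSetInformationThread ThreadHideFromDebugger call, the BIOS and VirtualBox ACPI registry reads, the EnableLUA (UAC) check, Run key persistence, execution of a dropped executable, contact with the C2 host from the extracted config, and the clipboard address substitution that makes Laplas a clipper. The trace schema, the API names and argument fields, the simplified address regexes and the sample wallet addresses are all assumptions constructed for this example; only the C2 host comes from the page.

```python
import json
import re

# Constructed sandbox API trace (JSON lines); not captured from the real sample.
# Assumed schema: {"pid": int, "api": str, "args": {...}}.
TRACE = r"""
{"pid": 4120, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 17}}
{"pid": 4120, "api": "RegQueryValueExW", "args": {"key": "HKLM\\HARDWARE\\DESCRIPTION\\System", "value": "SystemBiosVersion"}}
{"pid": 4120, "api": "RegOpenKeyExW", "args": {"key": "HKLM\\HARDWARE\\ACPI\\DSDT\\VBOX__"}}
{"pid": 4120, "api": "RegQueryValueExW", "args": {"key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", "value": "EnableLUA"}}
{"pid": 4120, "api": "CreateFileW", "args": {"path": "C:\\Users\\Admin\\AppData\\Roaming\\svc.exe", "access": "GENERIC_WRITE"}}
{"pid": 4120, "api": "RegSetValueExW", "args": {"key": "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "svc", "data": "C:\\Users\\Admin\\AppData\\Roaming\\svc.exe"}}
{"pid": 4120, "api": "CreateProcessW", "args": {"image": "C:\\Users\\Admin\\AppData\\Roaming\\svc.exe"}}
{"pid": 5212, "api": "GetClipboardData", "args": {"text": "bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq"}}
{"pid": 5212, "api": "SetClipboardData", "args": {"text": "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"}}
{"pid": 5212, "api": "InternetConnectA", "args": {"host": "lpls.tuktuk.ug", "port": 80}}
"""

C2_HOSTS = {"lpls.tuktuk.ug"}  # from the extracted config above

# Simplified address patterns (assumption): enough to pair a clipboard read
# with a swapped write of the same address family.
ADDRESS_PATTERNS = {
    "btc_bech32": re.compile(r"^bc1[02-9ac-hj-np-z]{25,62}$"),
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}
BIOS_VALUES = {"SystemBiosVersion", "SystemBiosDate", "VideoBiosVersion"}
THREAD_HIDE_FROM_DEBUGGER = 17  # ThreadInformationClass 0x11


def address_family(text):
    """Return the name of the first address pattern that matches, else None."""
    for name, pat in ADDRESS_PATTERNS.items():
        if pat.match(text):
            return name
    return None


def parse_trace(text):
    """Parse JSON-lines trace text into a list of event dicts, skipping blanks."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events):
    """Walk the trace once and return the set of behaviour names observed."""
    findings = set()
    dropped = set()   # paths the traced process opened for writing
    last_read = {}    # pid -> (address family, text) of its last clipboard read
    for ev in events:
        api, a, pid = ev["api"], ev.get("args", {}), ev["pid"]
        key = a.get("key", "").upper()
        if api == "NtSetInformationThread" and a.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER:
            findings.add("hide_from_debugger")
        elif api == "RegQueryValueExW":
            if key.endswith("HARDWARE\\DESCRIPTION\\SYSTEM") and a.get("value") in BIOS_VALUES:
                findings.add("bios_registry_check")
            if a.get("value") == "EnableLUA":
                findings.add("uac_status_check")
        elif api == "RegOpenKeyExW" and "HARDWARE\\ACPI\\" in key and "VBOX__" in key:
            findings.add("virtualbox_acpi_check")
        elif api == "CreateFileW" and "WRITE" in a.get("access", ""):
            dropped.add(a["path"].lower())
        elif api == "RegSetValueExW" and key.endswith("\\CURRENTVERSION\\RUN"):
            findings.add("run_key_persistence")
        elif api == "CreateProcessW" and a.get("image", "").lower() in dropped:
            findings.add("executes_dropped_exe")  # only counts if we saw it written first
        elif api == "GetClipboardData":
            fam = address_family(a.get("text", ""))
            if fam:
                last_read[pid] = (fam, a["text"])
        elif api == "SetClipboardData" and pid in last_read:
            fam, original = last_read[pid]
            # Same address family written back, but a different address: clipper behaviour.
            if address_family(a.get("text", "")) == fam and a["text"] != original:
                findings.add("clipboard_address_swap")
        elif api in ("InternetConnectA", "InternetConnectW") and a.get("host") in C2_HOSTS:
            findings.add("known_c2_contact")
    return findings


if __name__ == "__main__":
    for name in sorted(triage(parse_trace(TRACE))):
        print(name)
```

The clipboard rule deliberately requires a read and a write of the same address family from the same process, since a clipboard monitor that only reads (a password manager, a clipboard history tool) must not trigger it; likewise "executes dropped EXE" only fires when the trace shows the file being written before it is launched.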

MITRE ATT&CK Enterprise v15

Tasks