General

  • Target

    6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac

  • Size

    6.2MB

  • Sample

    230729-ffqr4sah92

  • MD5

    c1bdc48d24699fd1d43938a3f32fa7fd

  • SHA1

    08bdc9543146ea0f16d32237cca2c4446f9b3a80

  • SHA256

    6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac

  • SHA512

    80bf4c3c2f8face2432d0ebee8ae0982efc2e576dd5f0898fdff434927a6ad6079c793e5cd75835e4cfbd9f1ad831882c625e1df89893c69488a469f5e81eecf

  • SSDEEP

    196608:OgvS7Syd4AnGKG3ZWQm1f6c2kjWNM69UWr:Pa7HFnGhkd1f6c2kjR6+Wr

Malware Config

Extracted

Family

laplas

C2

http://185.209.161.89

Attributes
  • api_key

    6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Targets

    • Target

      6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac

    • Size

      6.2MB

    • MD5

      c1bdc48d24699fd1d43938a3f32fa7fd

    • SHA1

      08bdc9543146ea0f16d32237cca2c4446f9b3a80

    • SHA256

      6c409b3b0df0aa505ee678977b9af11b28a4456ca73c6fa99be6b30d31849dac

    • SHA512

      80bf4c3c2f8face2432d0ebee8ae0982efc2e576dd5f0898fdff434927a6ad6079c793e5cd75835e4cfbd9f1ad831882c625e1df89893c69488a469f5e81eecf

    • SSDEEP

      196608:OgvS7Syd4AnGKG3ZWQm1f6c2kjWNM69UWr:Pa7HFnGhkd1f6c2kjR6+Wr

    • Laplas Clipper

Laplas Clipper is a clipboard hijacker ("clipper"): it watches the clipboard for cryptocurrency wallet addresses and silently replaces a copied address with one under the attacker's control, so funds are sent to the wrong wallet. Three variants have been observed, written in Go, C#, and C++. The extracted config above (C2 URL and api_key) is what the sample uses to talk to its panel.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS vendor and version strings (for example SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System) are often read to detect sandboxes and virtual machines, whose firmware identifies the hypervisor. Together with the VirtualBox ACPI check above this is anti-analysis, not part of the clipper's payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger (anti-debugging: a thread flagged this way stops delivering debug events to an attached debugger)
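The VM and sandbox fingerprinting flagged in the two registry signatures above can be reproduced to see what an analysis host looks like to the sample. The script below is an added example and is not the sample's own code or the sandbox's detection logic: it reads the same BIOS values and VirtualBox ACPI subkeys from the Windows registry when run on Windows, and otherwise evaluates constructed registry snapshots. The marker strings (VBOX, innotek, VMware, QEMU, and so on) are assumptions about what common hypervisors expose, not values recovered from this sample.

```python
"""Mirror the BIOS/ACPI registry checks used for VM detection.

Added example, not the sample's code. Registry paths are the standard
Windows locations for firmware data; the vendor marker strings are an
assumption about what hypervisors report, not strings from the sample.
"""
import re
from typing import Dict, List

# (HKLM subkey, value name) pairs that carry firmware vendor/version strings.
BIOS_VALUES = [
    (r"HARDWARE\DESCRIPTION\System", "SystemBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System", "VideoBiosVersion"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemManufacturer"),
    (r"HARDWARE\DESCRIPTION\System\BIOS", "SystemProductName"),
]

# ACPI table subkeys named after the OEM ID; "VBOX__" is what VirtualBox firmware writes.
ACPI_KEYS = [
    r"HARDWARE\ACPI\DSDT\VBOX__",
    r"HARDWARE\ACPI\FADT\VBOX__",
    r"HARDWARE\ACPI\RSDT\VBOX__",
]

# Assumed hypervisor markers; extend for the sandboxes you run.
VM_MARKERS = re.compile(r"vbox|virtualbox|innotek|vmware|qemu|bochs|xen|parallels|hyper-v", re.I)

# A snapshot maps an HKLM subkey path to its {value name: data} mapping.
# An ACPI subkey is "present" if its path is a key of the snapshot at all.
Snapshot = Dict[str, Dict[str, str]]


def vm_indicators(snapshot: Snapshot) -> List[str]:
    """Return every registry artefact in the snapshot that betrays a hypervisor."""
    hits: List[str] = []
    for path, name in BIOS_VALUES:
        data = snapshot.get(path, {}).get(name)
        if data and VM_MARKERS.search(data):
            hits.append(f"{path}\\{name} = {data!r}")
    for path in ACPI_KEYS:
        if path in snapshot:
            hits.append(f"{path} exists")
    return hits


def read_live_snapshot() -> Snapshot:
    """Build the same snapshot from the real registry; returns {} off Windows."""
    try:
        import winreg
    except ImportError:
        return {}
    snap: Snapshot = {}
    for path, name in BIOS_VALUES:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                data, _ = winreg.QueryValueEx(key, name)
        except OSError:
            continue
        if isinstance(data, list):  # REG_MULTI_SZ comes back as a list of strings
            data = " ".join(data)
        snap.setdefault(path, {})[name] = str(data)
    for path in ACPI_KEYS:
        try:
            winreg.CloseKey(winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path))
            snap[path] = {}
        except OSError:
            pass
    return snap


# Constructed snapshots for offline use: a stock VirtualBox guest and a laptop.
VBOX_SNAPSHOT: Snapshot = {
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "VBOX   - 1",
        "VideoBiosVersion": "Oracle VM VirtualBox Version 6.1",
    },
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "innotek GmbH",
        "SystemProductName": "VirtualBox",
    },
    r"HARDWARE\ACPI\DSDT\VBOX__": {},
}

BARE_METAL_SNAPSHOT: Snapshot = {
    r"HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": "LENOVO - 1",
        "VideoBiosVersion": "Intel Video BIOS",
    },
    r"HARDWARE\DESCRIPTION\System\BIOS": {
        "SystemManufacturer": "LENOVO",
        "SystemProductName": "20XW",
    },
}

if __name__ == "__main__":
    live = read_live_snapshot()
    for label, snap in (("live", live), ("vbox", VBOX_SNAPSHOT), ("metal", BARE_METAL_SNAPSHOT)):
        print(label, vm_indicators(snap) or "no hypervisor markers")
```

Every hit printed for the `vbox` snapshot is a value a sandbox needs to patch or hide before the sample will run its payload; the `metal` snapshot shows the check producing nothing on a physical host, which is the behaviour the malware relies on.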
