General

  • Target

    f2028b4fb0b43abc5a062bd35_JC.exe

  • Size

    257KB

  • Sample

    230729-veqs2sfa9t

  • MD5

    2f28772b3cf7328df4f249e872568c2d

  • SHA1

    dd4d410c55d413c4794eb0c4f60d179613ab6bc0

  • SHA256

    f2028b4fb0b43abc5a062bd359622b254dbf0e301f2a8b842d062896ca24692b

  • SHA512

    b96de652ed787364696128c6b81643f7c86db350c1f0544c1b0d79f09e68f29c4df751a591cbf6d5aa4de29ced2ad56e9589109142a3d692f654dd1a54d88485

  • SSDEEP

    6144:EtvxnwCJczsk0zhh3a+Rpaur08m8mQOw0O:EpV1Jczr+h7L9Q8mYz

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.33

Attributes
  • api_key

    d1a05de376c0be1daa56dfb2715c8a0c5df8a111b8b31decc886df1e48db7c9c

Targets

    • Target

      f2028b4fb0b43abc5a062bd35_JC.exe

    • Size

      257KB

    • MD5

      2f28772b3cf7328df4f249e872568c2d

    • SHA1

      dd4d410c55d413c4794eb0c4f60d179613ab6bc0

    • SHA256

      f2028b4fb0b43abc5a062bd359622b254dbf0e301f2a8b842d062896ca24692b

    • SHA512

      b96de652ed787364696128c6b81643f7c86db350c1f0544c1b0d79f09e68f29c4df751a591cbf6d5aa4de29ced2ad56e9589109142a3d692f654dd1a54d88485

    • SSDEEP

      6144:EtvxnwCJczsk0zhh3a+Rpaur08m8mQOw0O:EpV1Jczr+h7L9Q8mYz

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks