General

  • Target

    26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc

  • Size

    3.4MB

  • Sample

    230730-3a6byabf79

  • MD5

    9cc8c2df003851e7a8fd1ffb8386eb5f

  • SHA1

    917bf018cd62ddf5dd4f4d1709451901204b90a2

  • SHA256

    26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc

  • SHA512

    6ea0e39be36c3fd70bdc7367c7a3e2e2f85426f30f7922d8dc53567bc8a068612db4f81714c356bf418240adb8fd845b3715029335bee9692167d60cf151576a

  • SSDEEP

    49152:ZCfCy+NPnKB9iN5zR6goQk9O1x5gIhodeeLMTnGdJaoYB+rkB4JtIiMj3q9/Yy:qiKB9GZ+O1xPWeDGdJ/YB+sCM+9/Yy

Malware Config

Extracted

Family

laplas

C2

http://185.209.161.89

Attributes
  • api_key

    6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Targets

    • Target

      26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc

    • Size

      3.4MB

    • MD5

      9cc8c2df003851e7a8fd1ffb8386eb5f

    • SHA1

      917bf018cd62ddf5dd4f4d1709451901204b90a2

    • SHA256

      26d701422ad9fcb12ec3bf5efa2ce6df83e425cfcd61c6c393c4aaad3a46b7cc

    • SHA512

      6ea0e39be36c3fd70bdc7367c7a3e2e2f85426f30f7922d8dc53567bc8a068612db4f81714c356bf418240adb8fd845b3715029335bee9692167d60cf151576a

    • SSDEEP

      49152:ZCfCy+NPnKB9iN5zR6goQk9O1x5gIhodeeLMTnGdJaoYB+rkB4JtIiMj3q9/Yy:qiKB9GZ+O1xPWeDGdJ/YB+sCM+9/Yy

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks