General

  • Target

    b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2

  • Size

    4.1MB

  • Sample

    230730-pbgs3shb33

  • MD5

    b30e29bccabab032c27910210d9ccf76

  • SHA1

    caa3927738b66c3ecc553943eabedcbbfbe4c0da

  • SHA256

    b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2

  • SHA512

    ce8348d0547de624b1bf19804c87b1e0379d29c5fe585d0ac602f51dd1bab90649654b87ebd236eef593829757d182ae16facbd5c2710bfecc87837c63a495a8

  • SSDEEP

    98304:BTq01m8gyX4fG9VNFJgAvUvc7uqBbDKxh4vU:BG0tgyoelMv+FAhwU

Malware Config

Extracted

Family

laplas

C2

http://lpls.tuktuk.ug

Attributes
  • api_key

    a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

    • Target

      b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2

    • Size

      4.1MB

    • MD5

      b30e29bccabab032c27910210d9ccf76

    • SHA1

      caa3927738b66c3ecc553943eabedcbbfbe4c0da

    • SHA256

      b6e2f26fea81267dc7b39b4f919083c8c8be5ff233a5c3acca6e1339d5bb21e2

    • SHA512

      ce8348d0547de624b1bf19804c87b1e0379d29c5fe585d0ac602f51dd1bab90649654b87ebd236eef593829757d182ae16facbd5c2710bfecc87837c63a495a8

    • SSDEEP

      98304:BTq01m8gyX4fG9VNFJgAvUvc7uqBbDKxh4vU:BG0tgyoelMv+FAhwU

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks