General

  • Target

    soft.exe

  • Size

    4.2MB

  • Sample

    230802-c3npgsdd5w

  • MD5

    da89628d89735a5320da0513608b2fd4

  • SHA1

    44b8b35ff51a2e1c7a67c03b243ca467b21b3bb4

  • SHA256

    d398d687d76426465501c32c830c6c3298d471bab4223bc6f9ac7d4b30ae558b

  • SHA512

    9dbe9849c77262227a5a75348a164e6246a8d52a2e65907ef9681687d119a59b40dfd6f8f5b8fcf0f77509a11a7fb8f54b6990814c1958a5e28607e6c896540a

  • SSDEEP

    98304:JQCHegVO9xselnvc9DzG7xxBFKyfmtKNP0R2h7b2:JjHhIxjvc9cxrKHtyc4b2

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.33

Attributes
  • api_key

    d1a05de376c0be1daa56dfb2715c8a0c5df8a111b8b31decc886df1e48db7c9c

Targets

    • Target

      soft.exe

    • Size

      4.2MB

    • MD5

      da89628d89735a5320da0513608b2fd4

    • SHA1

      44b8b35ff51a2e1c7a67c03b243ca467b21b3bb4

    • SHA256

      d398d687d76426465501c32c830c6c3298d471bab4223bc6f9ac7d4b30ae558b

    • SHA512

      9dbe9849c77262227a5a75348a164e6246a8d52a2e65907ef9681687d119a59b40dfd6f8f5b8fcf0f77509a11a7fb8f54b6990814c1958a5e28607e6c896540a

    • SSDEEP

      98304:JQCHegVO9xselnvc9DzG7xxBFKyfmtKNP0R2h7b2:JjHhIxjvc9cxrKHtyc4b2

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks