General

  • Target

    346c907673f63b007141f403f6ae9b888103132b75a1ab056e5898917f8ab28c

  • Size

    4.4MB

  • Sample

    230805-egwt3sff22

  • MD5

    f61e05f96863f1070d3614d2dd6cb4f7

  • SHA1

    43aea9068eed04aa2aa44e352e69a5ba9cecc6c7

  • SHA256

    346c907673f63b007141f403f6ae9b888103132b75a1ab056e5898917f8ab28c

  • SHA512

    61477452f661cc0835f3806ee93f5c42057b57a4505dbb6f1f739935c875857f12fb5d48c385e4b8473a075dfd1684bdb695cd0ef3c376e9a6a808fde7df25dc

  • SSDEEP

    98304:ZBGu/ztzM5DBhXBXrkUULWWd7PrTgvvQ069Rmu/sKWBGJx:ZB3/V+DBhXVkUULbPcY35/sKWm

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.33

Attributes

  • api_key

    d1a05de376c0be1daa56dfb2715c8a0c5df8a111b8b31decc886df1e48db7c9c

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks