General

  • Target

    6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904

  • Size

    10.0MB

  • Sample

    230904-c443vsdd7z

  • MD5

    0b9d2831ef8b3b992ccd927eacda539c

  • SHA1

    4e2cce21d8b53dad540bc3cf28676436f896a32a

  • SHA256

    6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904

  • SHA512

    4935866c3961a14904c1b3c6fb9a141d03fa222dd9d9eb5ff1b6d6dbb22099d640454f203d052f6091c987896ba8c3c2cdd560d7c1f8bc1b52ef8f22a6a8326f

  • SSDEEP

    196608:VoA+3n7KsWEQTUqX8dedyXw2peE+RE7e5pPKGuk9wc5j5VxzOql9axhqBpl34Iyd:uA+3n7WbUqaNoRE7oppukJVxzpl9arqE

Malware Config

Extracted

Family

laplas

C2

http://lpls.tuktuk.ug

Attributes
  • api_key

    a0f588021b58e0c7908a163f8750678efedf2a66bf739a12427b379aef47ccde

Targets

    • Target

      6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904

    • Size

      10.0MB

    • MD5

      0b9d2831ef8b3b992ccd927eacda539c

    • SHA1

      4e2cce21d8b53dad540bc3cf28676436f896a32a

    • SHA256

      6cb68a9436555db343231d87302b29660a80a41a8e0139ad9bd67010efa8d904

    • SHA512

      4935866c3961a14904c1b3c6fb9a141d03fa222dd9d9eb5ff1b6d6dbb22099d640454f203d052f6091c987896ba8c3c2cdd560d7c1f8bc1b52ef8f22a6a8326f

    • SSDEEP

      196608:VoA+3n7KsWEQTUqX8dedyXw2peE+RE7e5pPKGuk9wc5j5VxzOql9axhqBpl34Iyd:uA+3n7WbUqaNoRE7oppukJVxzpl9arqE

    • Laplas Clipper

      Laplas is a clipboard hijacker ("clipper") that targets cryptocurrency users: it watches the clipboard for wallet addresses and swaps them for attacker-controlled look-alike addresses obtained from its C2, so a pasted payment goes to the operator. The configuration extracted above carries the C2 URL and the api_key the client uses to authenticate to that panel. Three variants exist, written in Golang, C#, and C++.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      VirtualBox exposes ACPI tables whose OEM identifier is VBOX__ under HKLM\HARDWARE\ACPI; a sample that looks for that identifier is checking whether it runs inside a VirtualBox guest before continuing.

    • Checks BIOS information in registry

      BIOS vendor, version and date strings (HKLM\HARDWARE\DESCRIPTION\System) are often read to detect sandboxes and hypervisors, whose BIOS strings identify the virtualisation vendor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      A value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run relaunches the sample at every logon (persistence).

    • Checks whether UAC is enabled

      Typically by reading EnableLUA under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      NtSetInformationThread with the ThreadHideFromDebugger class (0x11) detaches the calling thread from an attached debugger, so debug events and breakpoints in that thread are no longer delivered; this is a common anti-debugging trick.
