General
-
Target
tmp
-
Size
3.0MB
-
Sample
231029-nc45bsfe5w
-
MD5
02208e4168793ef72942aa31c1ae8642
-
SHA1
449b579d0b642ca43419c0687cc799afe5aa9194
-
SHA256
22b198c5fc1e073ef00fc7a44ca20db5f44630f4e0e746abcf2060207d7129d9
-
SHA512
f50be51f1ff3da3da34d4c819021686842d024476993031e56313fde1aded427e9e81d0cb2956c98d29839fac140597a8e1b1cbd89a58c481be70ce88ce5507f
-
SSDEEP
49152:MY5UqJTec/w5ashu/usRTe2WjCJILmGsO8ASotjEH10DwJ4mQDewL11TAjZVwyb:MYUqI5aPXZJIpsr7VrJ4zDHL11byb
Malware Config
Extracted
laplas
http://206.189.229.43
-
api_key
f52a5c9bc5eb2f51b22f04f3e85c301ac0170a650de6044773f0a8309fbdfb79
Targets
-
-
Target
tmp
-
Size
3.0MB
-
MD5
02208e4168793ef72942aa31c1ae8642
-
SHA1
449b579d0b642ca43419c0687cc799afe5aa9194
-
SHA256
22b198c5fc1e073ef00fc7a44ca20db5f44630f4e0e746abcf2060207d7129d9
-
SHA512
f50be51f1ff3da3da34d4c819021686842d024476993031e56313fde1aded427e9e81d0cb2956c98d29839fac140597a8e1b1cbd89a58c481be70ce88ce5507f
-
SSDEEP
49152:MY5UqJTec/w5ashu/usRTe2WjCJILmGsO8ASotjEH10DwJ4mQDewL11TAjZVwyb:MYUqI5aPXZJIpsr7VrJ4zDHL11byb
Score10/10-
Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-