File Identity
| SHA256 | 3e41726d0ade4f37a7af4fcc01e52abc2d2cdad1e55d5dfa3c80a8a66d4e1dce |
|---|---|
| Size | 8,192 bytes (minimal clipper) |
| Platform | .NET (C# — k__BackingField compiler output) |
| String count | 172 |
Technical Mechanism
Found in the strings:
- _runMutex -- single-instance mutex (process sentinel)
- Clipboard -- System.Windows.Forms.Clipboard API
- AddressRegex -- wallet address regex pattern
- AddressEvaluator -- regex callback function
- GetAddress -- method that reads the address from the clipboard
- set_AddressRegex -- property setter that assigns the regex
- Replace -- replacement via String.Replace
- address -- general address references
Clipper Flow
- The process starts, and _runMutex ensures that only a single instance runs
- It monitors clipboard changes (WM_CLIPBOARDUPDATE or a timer)
- AddressRegex searches for BTC/ETH/USDT/TRX/SOL address patterns
- AddressEvaluator is invoked on each regex match
- The matched address is replaced with the attacker's hardcoded wallet address
Targeted Cryptocurrencies
Laplas Clipper is one of the most comprehensive clipper services on the market. It supports the address formats of BTC, ETH, BNB, XMR, LTC, DOGE, SOL, TRX, USDT (TRC20/ERC20/BEP20), XRP, ADA and 50+ cryptocurrencies.
About Laplas
Laplas Clipper is a MaaS offering that was put up for sale on underground forums in 2022. It is configured through a panel; each customer receives an instance set up with different target wallet addresses. It is written in .NET, and its minimal size (8KB) makes it easy to add to the payload of other malware families.
IOC
| SHA256 | 3e41726d0ade4f37a7af4fcc01e52abc2d2cdad1e55d5dfa3c80a8a66d4e1dce |
|---|---|
| Mutex | _runMutex |
| Technique | Regex-based clipboard hijacking |
| Platform | .NET (C#) |
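As an added example, not part of the original analysis: because each customer receives a differently configured instance, the SHA256 above identifies only this one build, so the script below also checks a file's strings for the identifier names listed on this page. It assumes those names survive unobfuscated in other builds; the threshold of three strong hits and both sample byte strings are constructed for the example.

```python
import hashlib
import re

# Values taken from this page's IOC table and strings list.
KNOWN_SHA256 = "3e41726d0ade4f37a7af4fcc01e52abc2d2cdad1e55d5dfa3c80a8a66d4e1dce"
STRONG = {"_runMutex", "AddressRegex", "AddressEvaluator", "set_AddressRegex", "GetAddress"}
WEAK = {"Clipboard", "Replace"}  # common in benign .NET code, so they only corroborate
STRONG_THRESHOLD = 3  # assumption of this example, not a value from the page

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def extract_strings(data: bytes) -> set[str]:
    """Printable ASCII runs (.NET #Strings heap) plus UTF-16LE runs (#US heap)."""
    found = {m.group().decode("ascii") for m in ASCII_RUN.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)}
    return found


def triage(data: bytes) -> dict:
    strings = extract_strings(data)
    # Exact match on whole strings: heap entries are NUL-terminated, so an
    # identifier such as "ShippingAddressRegexHelper" must not count as a hit.
    strong = sorted(STRONG & strings)
    weak = sorted(WEAK & strings)
    hash_match = hashlib.sha256(data).hexdigest() == KNOWN_SHA256
    if hash_match:
        verdict = "known-sample"
    elif len(strong) >= STRONG_THRESHOLD:
        verdict = "suspect-variant"
    else:
        verdict = "no-match"
    return {"verdict": verdict, "strong": strong, "weak": weak}


# Constructed inputs: inert byte strings laid out like a metadata heap, not real samples.
VARIANT_LIKE = b"\x00".join(
    [b"<Module>", b"_runMutex", b"AddressRegex", b"AddressEvaluator", b"Clipboard", b"Replace"]
) + b"\x00"
BENIGN_LIKE = b"\x00".join(
    [b"<Module>", b"Clipboard", b"Replace", b"ShippingAddressRegexHelper"]
) + b"\x00"

if __name__ == "__main__":
    for name, blob in (("variant-like", VARIANT_LIKE), ("benign-like", BENIGN_LIKE)):
        print(name, triage(blob))
```

A "suspect-variant" verdict is a reason to open the file in a decompiler, not a conviction: the names are ordinary C# identifiers and only their combination is distinctive.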
LaplasClipper — Malware Profile
LaplasClipper. clipper.guru C2. ApiKey config. Clipboard hijack. 8KB minimal binary.
Capabilities & Behavior
IOC List (1 indicator)
| Type | Value | Note |
|---|---|---|
| sha256 | 3e41726d0ade4f37a7af4fcc01e52abc2d2cdad1e55d5dfa3c80a8a66d4e1dce | |
C2 Servers (2 recorded servers for this family)
| Address | Type | Port | Protocol | Status | Country |
|---|---|---|---|---|---|
| clipper.guru | domain | 443 | HTTPS | inactive | — |
| clipper.guru | domain | 443 | HTTPS | inactive | — |
C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.