LaplasClipper Malware Analysis from ANY.RUN: retrieving the config

DUBAI, UAE, July 24, 2023 /EINPresswire.com/ — ANY.RUN, a cybersecurity company developing an interactive sandbox analytical platform for malware researchers, presents the LaplasClipper Malware Analysis.

What is LaplasClipper malware?

LaplasClipper, as its name implies, is a clipper variant. Its primary malicious function is to monitor the user’s clipboard (T1115). Attackers typically use it to swap out cryptocurrency addresses with ones they control. When users paste the address into a wallet to transfer funds, it’s the attacker’s address that receives them.

ANY.RUN has dissected a fresh malware sample from the LaplasClipper family, developed on the .NET platform and obfuscated using Babel.

In the process of research, ANY.RUN has uncovered the sample’s internal settings, examined some techniques leveraged by the obfuscator to complicate the sample analysis, and outlined strategies to counter them.

ANY.RUN's findings provide a solid understanding of the fundamental principles of protective mechanisms on the .NET platform. It’s critical to recognize that even the most complex protective methods rest on basic concepts, which are essential to understand and identify.

Read more with the code & script examples in the article at ANY.RUN.

Vlada Belousova
ANYRUN FZCO
2027889264