General

  • Target

    0e2fa72cd19bc484f791b0564c1478f98bc48617ff2f5d5c2044ed366bac47e5

  • Size

    245KB

  • Sample

    230316-th96esbf66

  • MD5

    d096c3547b2e9504e901a6f4fa8182ff

  • SHA1

    a47548d97243c6b4f1da6eafa4b04b9680550c4c

  • SHA256

    0e2fa72cd19bc484f791b0564c1478f98bc48617ff2f5d5c2044ed366bac47e5

  • SHA512

    384e4027f3962c83a16cdd1c7cd2bd321b6b907b277ab7fc800dbc122f6c6d77be6d3b5fece733e289b3fd465c784c15c083a7aa0997269f0ee835071230b913

  • SSDEEP

    3072:s4+jInFEILs27jLFC9dKCOgM6CDBG6SRctXyfmC33T3XPnKTKj+/U1UowyQSt23L:8GaI9adZ9cFSRctXIzHPRb1UEQSt23M

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application
