General

  • Target

    2c5d05c4b6001bbdaede43124cb0aceab4ea859f1a736fe4c9cea937dc358a55

  • Size

    296KB

  • Sample

    230317-1wvq8aab66

  • MD5

    e0c0e847c24671913566845bc42d4d21

  • SHA1

    64030b484efab720111d757c9c4d483b715912a3

  • SHA256

    2c5d05c4b6001bbdaede43124cb0aceab4ea859f1a736fe4c9cea937dc358a55

  • SHA512

    e1e0a9e1188e8b5f867b67051448176e46cbd840b30a5e6a3075584c29a3fe7103ed8f2f0e0740cdaf058ad0350f56a21df9e0de140edf057c8d25c2be34fe2f

  • SSDEEP

    3072:i0mdBgcLsjG4Feju7cE3RlCDN3+2vYOlIPDty/4aRaeyqKNriMputupwyZitJBuM:DygcLsi4QubLS+7O6PDtydaeo3umeu

Malware Config

Extracted

Family

laplas

C2

http://45.87.154.105

Attributes

  • api_key

    1c630872d348a77d04368d542fde4663bc2bcb96f1b909554db3472c08df2767

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6