General

  • Target

    file.exe

  • Size

    245KB

  • Sample

    230317-drbq8aea54

  • MD5

    ce0f1f85a927d457599097096d857bd2

  • SHA1

    4c368c5beb62227a21ef3e4c119646e06fa27da3

  • SHA256

    e7c00ab7a27a5edfe559c63dce0cf8091c62d5139b45ba895dc4a71a58b47f97

  • SHA512

    8bfddef4c458f0d79db769e554a6ca86f7db301530fc09d4cd01ec2bcbd2d4e903e91dc022987731168ec1a2ca10ac31db01df214924f526c85c2aa502b71304

  • SSDEEP

    3072:5QPbxBn1JYIYtNIGIVsng6gwBownWKotYEF8JY7FwZBHxFsLPdsfhVMAdJB:kbbotNIGIVsY7wWnn8JCFyFSQhCGJ

Malware Config

Extracted

Family

laplas

C2

http://45.159.189.105

Attributes
  • api_key

    9ee0ef01cd0f0468c997745b63f39799e510412a4bb4e6ff8efcf6f8ac926172

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
