Extracted

Extracted

• • Target

    fe2457d4da43adde492576a91398086e.exe

  • Size

    8.6MB

  • MD5

    fe2457d4da43adde492576a91398086e

  • SHA1

    8c7c1efd47044f1d31cee78ea6c73df1a9296dea

  • SHA256

    82a5d382c3b4fe2e17f09af36df20f1e53bb8b712ca6f7af9a15861b38f91f24

  • SHA512

    b16fcdf02fe6e9f148d40cc04529840c98065bc2b69e144ff33e82c8285134b3e2c5e832c659132f8a99885e2b02589e2474f4d93b3bcef750ea1f2a64ffaf1a

  • SSDEEP

    49152:pKnK6YN8UMtKNKogIHvueIxgfSZJxUu3INODRUgeCseICR7NWm8qpHakXvLQh0/o:on1YN8dKNcJxtISeCrXv0W/qpDRX5L

  Score

  10^/10

  laplasredlinefmclipperinfostealerstealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2