Extracted

• • Target

    6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f

  • Size

    5.9MB

  • MD5

    aa57f0d7a099773175006624cc891b29

  • SHA1

    44598d94dac6e9c72ffe65f9e17cf77c2c73e6fe

  • SHA256

    6227df9ce53429b024cb2fa118a7a735ec1c048117cb1a46247e92f1b839814f

  • SHA512

    e0fff8e7d8de1dc5b3d84bdea90828f9739499183aabb11eb5b7600af132f8fa0569bc49d4ca21ec5df925482ec2149d0134a88a4e8a632cb0326444a6bc31b0

  • SSDEEP

    98304:5fsK1JWzYls9x4CwqEZSK84oBfrNy+yvsHrj0XXrmca/mDU9vf2eESEGMeNR:hbJWzY4x4Tq7Kx4ybsHEnrmyg9vsSEps

  Score

  10^/10

  laplasclipperpersistencestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2