Extracted

• • Target

    file.exe

  • Size

    231KB

  • MD5

    ebb91f36dddcc249a0a99fe6c91b3327

  • SHA1

    46823571b6adc8278ae0031ee8843a67cb8eda47

  • SHA256

    42a55a367750fc5e5c7583b413d02166bd5fccfc48c124e35d650b1878f25bd9

  • SHA512

    ee575500efc7cab52802b5936dc92eb5effb157987b24fe3190957c69a544fd2c37016fa3a6e8c3f5cf79e90454290b71872f9453eeb4d1521302175fbe57460

  • SSDEEP

    3072:wXUhQztlGtv5H3IboGhDuqaoBHZ9AWoKIJaBnS0sztA4lmS/r+KWVOAg0FujDFkF:MzM54bisZ9ACIQBgz/ldnAOtsv

  Score

  10^/10

  laplasclipperpersistencestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2