Extracted

Extracted

• • Target

    5ebf7acf9b61ece7c232ebbc13bf71e4078f38faf4477427851ceb6ef23f0ada

  • Size

    308KB

  • MD5

    8cecba2fd655a1392e7d5170c78bc4b1

  • SHA1

    a17761045e791e2d32aab90613a530f32c3cfd55

  • SHA256

    5ebf7acf9b61ece7c232ebbc13bf71e4078f38faf4477427851ceb6ef23f0ada

  • SHA512

    5dd815dc9196f6af11a48a38c3ce9e58bbc62ecdbac26284942977e4db5dee21870240895b0f3b3bdf851b7001565ea046f9e04102bbd231b50bf0b72e871248

  • SSDEEP

    6144:LMV49ai/sGQFE91s8lAfhloE2fWMFnMlj3+gbuW+jwIUJHEQhA1JxwH3:LMV49NsPFt8lAplpM9MhOgr+jwIylh42

  Score

  10^/10

  laplasvidare749025c61b2caca10aa829a9e1a65a1clipperdiscoverypersistencespywarestealerupx

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1