Extracted

• • Target

    0a862ce47af25310f82df569077085d7.exe

  • Size

    2.6MB

  • MD5

    0a862ce47af25310f82df569077085d7

  • SHA1

    942ed7ab805c05b4e566156056f50f41c5883aab

  • SHA256

    a2ddb2901e7b54c98ad8eb17a8b2a019b344a8c459aa15b29b4fda8962931486

  • SHA512

    163996246fd143a651950a9c025b327210178f894e214284c57bf2f3a77699992803e63e5e080621d5840e1cd0155f60649e8a6e00dc5aca696a84948256ea22

  • SSDEEP

    49152:u5FxxOfxEu+vX22XptSVBNUd9kPZdBTy1tGnsQt/E4R4jYoj306sBcz2:uxYPElncYkZyMlE4Cjx7scz2

  Score

  10^/10

  laplasclipperpersistencespywarestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2