Extracted

Extracted

• • Target

    9f4ce33d97541861fc70b51c66250809.exe

  • Size

    368KB

  • MD5

    9f4ce33d97541861fc70b51c66250809

  • SHA1

    6ada4f4cb0fc32e21a1b67c49261312fd5c00511

  • SHA256

    4598f17c42e3fa2259e57d1e4732ad6847a6b3469114a1d37112a8fca6ba748b

  • SHA512

    755bf07375451b30b5458d8dbe045acbcfe2ea03a8573deb625de5b4aac51a0a13ef64a82b5919219d750b53d998bc17401755b6f1da98a2396d0ffb99c2b008

  • SSDEEP

    6144:UIbeYKQ5AiNfZeSxNZtH07n2r2ICUXpjizWu9re5GOC5:UKeY3HNBNjINwwC2iC5

  Score

  10^/10

  vidare749025c61b2caca10aa829a9e1a65a1stealerlaplasclipperdiscoverypersistencespywareupx

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2