Extracted

Extracted

• • Target

    setup.exe

  • Size

    470KB

  • MD5

    ddab7e661ea7e21ffeb5734215f57ae4

  • SHA1

    0fe903952c84f4ac149d499e3520b8c36f30059a

  • SHA256

    9d32dcd66ddeff3c376b08f6c76d28a3b577eebc2f0d8b9ba1781109ec3d6c62

  • SHA512

    7cb9f4983c5b46853a13f4f30669aa19703dd9fd724d7274f5775201e865b0f9027a6fe9c1c3726948d35b2be093a2e878b247eda2e493961ce5b62f03db5c74

  • SSDEEP

    6144:ThNurJhw3quvV0W17a8TLD9fg3atx6yAH9K0y231HzJbVnTyGhFCGclxi:ThSJy1vV087a2Dhg3atIE0y23pGGh

  Score

  10^/10

  vidare749025c61b2caca10aa829a9e1a65a1spywarestealerlaplasclipperdiscoverypersistenceupx

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2