Extracted

• • Target

    7f167b28d9c7abdc22f28b869ff375d421d6bbe12ccbc8299d16d4fbea022315.exe

  • Size

    2.6MB

  • MD5

    71a0ca15307459ac022cc94745b4e4d6

  • SHA1

    08203769381e9b2593cb4dc525f4bf166892abc5

  • SHA256

    7f167b28d9c7abdc22f28b869ff375d421d6bbe12ccbc8299d16d4fbea022315

  • SHA512

    664c0cd101a8d3ad67c1c943c23eaeaf095a700e9c1d7d8e07893b3628a06d7c80af233c6f38f2f6cd4110df3830914f4a641362f211bd3c9e7ec27e39c0d2d4

  • SSDEEP

    49152:IBJ+lPvy/ydUPzMTwt5whOO0BaRPu/TBHXCzjXSZfofdZo6qNx:yMlo1YD+aRPoTB38jlfdZo/Nx

  Score

  10^/10

  spywarelaplasclipperpersistencestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2