Extracted

Extracted

• • Target

    Free-2O23_S0Ft__Se-tup.exe

  • Size

    730.3MB

  • MD5

    85a38f0f83dcd71f4024fa8f4bf9410a

  • SHA1

    263d357e11319518fa9279005430fadf10ae3eb0

  • SHA256

    8279812ab08bff33c9cc0286bdd17a440964f98aedce3d5c184527e9d1a97fdc

  • SHA512

    3eea7c9bb2bb2af9d5a4e05f7e30e92f7172cd1787685a1d62515f0be9de674174dc543bb16e7da80e1fb09bb2d2e18463f0f61fb5a9c7f99276da698dd87ee8

  • SSDEEP

    196608:tEZSGTKbYGgxc13v4BNIP1vYyXYox8YPZFxhiN779hiDmwg/EVdQ0n/:te9TKbYGgxCv4BN4DXXPC7iDm/cQU/

  Score

  10^/10

  raccoon467a953db8cf896cec6946f6144f8158discoveryspywarestealerlaplasclipperpersistence

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Raccoon

    Raccoon is an infostealer written in C++ and first seen in 2019.

    stealerraccoon

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2