Extracted

• • Target

    auto.exe

  • Size

    4.3MB

  • MD5

    ddac8c4023deb11c8640fca3c9313113

  • SHA1

    396f984beea94dd6f1e59218cacfff3836ee8521

  • SHA256

    fd1b90ab20f012a6132f7f059f73032b279739f29217e331b947c984a4172b05

  • SHA512

    2fb5f51ce4ac4494d4811207c6ba29fd1a1d8b1a2e52771f5567fbb37bc71d8e5b2b8f349bfccd87e91f4d28b9cff10f6b3e134dc98de62faab92b1eab2f1280

  • SSDEEP

    98304:lAyd60OW0mP1Q6Ul5ZTeDWsAL3Kc3SLcxIVbYzR0nP6QdB8:Cf051lUXUDMKcCL0Eb4R

  Score

  10^/10

  laplasclipperevasionpersistencestealertrojan

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2