Extracted

Extracted

• • Target

    trial_vegasedit20_dlm_z72jp2.exe

  • Size

    6.0MB

  • MD5

    d972ff5f4d61d431fecab867a52b0826

  • SHA1

    13a0df9e547c410b7b56dd906357c6d9821ce82c

  • SHA256

    5df1df35a5e9aac1ad39a2dd57fa998d715f27079b7a63c9832597a2d72f1949

  • SHA512

    052667efefc4a911bf5c058ff0fbc0c52a87f253303bc55f6dc674689a6f87f7be0fcf7dbc61c24a83c051b501d7520e5e08723bebbb84a6fb9261abea1558b4

  • SSDEEP

    98304:J/lBI0kkvsx20xjBteQFelhjTtJuTA76Yn87Tm6saDN:J/7vsx20xdoQulSA7jnszzD

  Score

  10^/10

  laplasvidarxmrig3a8269adbf2982cc1c6703fbf87bdce7clipperevasionminerpersistencespywarestealertrojan

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • XMRig Miner payload

    miner

  • Downloads MZ/PE file

  • Stops running service(s)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2