Extracted

Extracted

• • Target

    21cbc38776a465e3bee495836a934a02.bin

  • Size

    1.3MB

  • MD5

    21cbc38776a465e3bee495836a934a02

  • SHA1

    b2f6acdae49a84632ef913aea33ccf9949de2338

  • SHA256

    86f5b4f32c68f9337a19363da77d77b6275923da37d2e4144b8f0740620fd3ac

  • SHA512

    8c725fb36de9400d24a8bac0fb5c96370faadce81e0d0c2173f594a5b0288712b1b63c3691566707be67f368cec6a0649bbdbbaa51dcebd3703e8aa9bc7022f2

  • SSDEEP

    24576:nrB7SdV5WjDB/ncHlUP0jW62JC1HTK75FmfVcseNPwMv4:nqlnjW5QmPJv4

  Score

  10^/10

  laplasredline@cryptocodiclipperdiscoveryinfostealerpersistencespywarestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2