Extracted

Extracted

• • Target

    4c5c389d0f6cbdaf6fd89585559d71a37e061e7678aa1a5391d82657f8890569.exe

  • Size

    274KB

  • MD5

    04aa05a9a637cdc44240c6e1cda33acc

  • SHA1

    21c383fc380f4a523ff90398396ad97fe31f376a

  • SHA256

    4c5c389d0f6cbdaf6fd89585559d71a37e061e7678aa1a5391d82657f8890569

  • SHA512

    8ed6f4e78ce6f45db49706a5d5a42bb3237bab9741f4deadaf10a51d7bf1dbbe5292a0d9307b508f3a4c873b41fa2fe18ea5859a8eeb6b39ac95044ba4c29fd5

  • SSDEEP

    6144:21ea2GMpEl3Zcsmci25sndkzOYFwKBbvoEjypFm6QIBJ7ZuSyY80ZUE4UIn8zpF7:7a2GMpwbyLm6QIDZunYt2jUo8VFeixIA

  Score

  10^/10

  laplasredline@ididjsjsidclipperdiscoveryinfostealerpersistencespywarestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2