General

  • Target

    cartzzmwe.png

  • Size

    44KB

  • Sample

    230718-cysgwafh62

  • MD5

    ca42e9d9a07e1e1502d993aa9fa2f98f

  • SHA1

    b40ba1165ef25fa49d645cbf20db2af60b1aa10e

  • SHA256

    75af6b58996d2c3c8371be7c86ddc4ce5a9b3225f78400720a4b1505c0e2d3c2

  • SHA512

    338419e2721038034eaa5d032987e1eae6ef0b312a49c3c4362ad78e5b52441250d860a3139b87803a7d0a6ea46f3871e652f6a2807e45a55d99d677685394e4

  • SSDEEP

    768:KtXWxxb2xRGRHffbevMspE+ErJGWD1fTYpxisvk7sWj+K0JnuG8u9BNbL003Pr:oXWxB2RGRHnbKMT+ErJG81fT7ck7sU+/

Malware Config

Extracted

  • Family

    raccoon

  • Botnet

    021bb31704eba1fb46f474cdcb5b2a57

  • C2

    http://94.142.138.102:80/

  • xor.plain

Extracted

  • Family

    redline

  • Botnet

    @faketokyo

  • C2

    94.142.138.4:80

  • Attributes

    • auth_value

      b5591f86350f13dc21143c51b85409b0

Extracted

  • Family

    laplas

  • C2

    http://185.209.161.189

  • Attributes

    • api_key

      f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7

Targets

    • Laplas Clipper

      Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    • Raccoon

      Raccoon is an infostealer written in C++ and first seen in 2019.

    • Raccoon Stealer payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks