Extracted

• • Target

    1d6781892cee8a3c195490c7476e20e3a16b5c0e398a519d83849ca7d11e1c56-1

  • Size

    7.4MB

  • MD5

    156590a4560236d1fe20019c6babbc49

  • SHA1

    d9f5033f58f0fef0e8165b08c7a41f7b4b10a9fd

  • SHA256

    1d6781892cee8a3c195490c7476e20e3a16b5c0e398a519d83849ca7d11e1c56

  • SHA512

    9f4be44f2b4b3318fe48895c0221385d5cefd0303da5da51e6788cfc0eaecd7a3c3e5db4183e829114d68d3c89ce86d630096fa91318376f105d935f8e355cc0

  • SSDEEP

    196608:dZkKDdWzNLqrZQRcFE7qQGshXJbs0+XHeOeKpd:8WdoN2K97msvQD

  Score

  10^/10

  laplasclipperpersistencestealer

  • Laplas Clipper

    Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.

    stealerclipperlaplas

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2