MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 015151bd2d2bfb88389899bfac44b0e17a28db00abc8e1463058d84de40b1925. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LaplasClipper

Vendor detections: 8

SHA256 hash: 015151bd2d2bfb88389899bfac44b0e17a28db00abc8e1463058d84de40b1925
SHA3-384 hash: 23f731c085cfb5943ea08acc33c29adbe3b707a4d931f1130b2f341d551f9f713ae219c5bf32ef8c61819dbec7b779e1
SHA1 hash: 7af29257d77bab7ed5a70293abe44da3c1c10c37
MD5 hash: c39fec313f716b37b80ccf946ef5cc83
humanhash: sixteen-enemy-fourteen-cup
File name: SecuriteInfo.com.Other.Malware-gen.25698.21095
Signature: LaplasClipper
File size: 3'936'256 bytes
First seen: 2023-03-16 18:30:25 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 49152:LpUPlOPlQRNDP9nqI5KKs2p8iYu9ap7QqKHKG+n2H6h1Ug:LpTt4NDVPKB2vinG8n2Hs
TLSH: T1AE0623913340C326EA6BDC305E57839D9259ECA4EA207C47E2A4F7DF463ABC25EE5710
TrID: 98.2% (.MSI) Microsoft Windows Installer (454500/1/170); 1.7% (.) Generic OLE2 / Multistream Compound (8000/1)
Reporter: SecuriteInfoCom
Tags: LaplasClipper msi

Intelligence

File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: CAB expand.exe fingerprint greyware installer keylogger packed shell32.dll

Result
Threat name: Unknown
Detection: malicious
Classification: troj
Score: 68 / 100
Signature:
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Generic Downloader

Behaviour
Behavior Graph:
Behavior graph (ID 828169). Sample: SecuriteInfo.com.Other.Malw... Start date: 16/03/2023. Architecture: WINDOWS. Score: 68. Signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; Yara detected Generic Downloader.
Process tree: the sample starts two msiexec.exe instances; the first drops C:\Windows\Installer\MSIA9A0.tmp (PE32) and starts a further msiexec.exe, which starts expand.exe, icacls.exe and Bpznb.exe. expand.exe drops C:\Users\user\AppData\...\Bpznb.exe (copy) (PE32) and C:\...\621a6b98e0a7294da0d00454fc571734.tmp (PE32); expand.exe and icacls.exe each start conhost.exe.
Threat name: Win32.Spyware.Stealc
Status: Suspicious
First seen: 2023-03-16 12:16:21 UTC
File Type: Binary (Archive)
Extracted files: 42
AV detection: 9 of 24 (37.50%)
Threat level: 2/5

Result
Malware family:
Score: 10/10
Tags: family:laplas clipper discovery spyware stealer

Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Drops file in Windows directory
Suspicious use of SetThreadContext
Checks installed software on the system
Enumerates connected drives
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
Reads user/profile data of web browsers
Downloads MZ/PE file
Laplas Clipper

Malware Config
C2 Extraction: http://193.233.20.134

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: LaplasClipper
File: Microsoft Software Installer (MSI) msi 015151bd2d2bfb88389899bfac44b0e17a28db00abc8e1463058d84de40b1925 (this sample)

Delivery method
Distributed via web download

Comments