MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04b9511371c5609f35ae518adc99568a89c885b5a95bc2b16675a966622ddd67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 04b9511371c5609f35ae518adc99568a89c885b5a95bc2b16675a966622ddd67
SHA3-384 hash: eaeecf6c15a7381a4370400da3d2ba5bea8748b08ad7b99e51eaba9b8611a6a6bb5d2e51a6f88713a359983b1f7aa7b0
SHA1 hash: c6ab78e7cccf7a12767e92179bee1bd053df8c0b
MD5 hash: 6c5537e40c31bc41aa3f5830af489c0c
humanhash: purple-tango-virginia-cold
File name:6c5537e40c31bc41aa3f5830af489c0c.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:6'759'424 bytes
First seen:2022-12-23 04:30:57 UTC
Last seen:2022-12-23 06:35:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ce26abf4781cac630107d46b9c76d477 (5 x LaplasClipper, 2 x RaccoonStealer)
ssdeep 196608:XRdLGIuMjnEXdOCA+29gMG1wRegV1echKymA:XR8cjnYdxA3GuR1hKyX
Threatray 453 similar samples on MalwareBazaar
TLSH T17266237302691040F0E58D3E913BFDE972F643694F829CBCA6F76DC029526A6E623D53
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4505/5/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
169
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6c5537e40c31bc41aa3f5830af489c0c.exe
Verdict:
Suspicious activity
Analysis date:
2022-12-23 04:41:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ada090aa-225c-4a00-a5b3-80033e613ed5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Variant.Lazy.274925.20364.30725.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Creating a process from a recently created file
Query of malicious DNS domain
Enabling autorun by creating a file
Sending an HTTP GET request to an infection source
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/63a52f0a779e491a53b2eb4d/reports/4c95b8e2-4c5d-4584-b701-8a9367c8a17d/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b4ffc5b8-3c18-4897-a16a-5c60fa664207
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1139816
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/04b9511371c5609f35ae518adc99568a89c885b5a95bc2b16675a966622ddd67/
Threat name:
Win32.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2022-12-22 21:21:28 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=as4vce3ryvqj6nnokgfnzgkwrke4rbnvvfn4fmlgowuwmyrn3vtq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
1e5c7dcfbe4a1e9da06229b4512229c463b0268832b9cb6cdb35a1153963be37
LaplasClipper
5b7a79d50086676bb8e97ca708c5f252a1690c4c473b8621ef31ae91b6e57329
LaplasClipper
6b8dac8326076b76369a8eb4e316a86a7663b597aeffe89b35e86c02aa5df4c0
LaplasClipper
8b504851d102cabc8e046c5feae0ad40fcac47d0918d90476a4005f2d79c667f
LaplasClipper
8ebf0acdd1d2164ca7f33b1129c1975edd0206e8bbccd3f3411baf7834768c3e
LaplasClipper
a3605eee1c54709d3a2cbc363d024e07c2e65d5cc080ff77a243920f8033f451
LaplasClipper
d72645347b3fa6134cc416b6b9d73eec9d4ef2af4dbf26c6b91da795144c394c
LaplasClipper
+ 443 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221223-e5ewgafh35/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Unpacked files
SH256 hash:
179b4589857551038c0a434f0a6e44a4c34efa3a06b6b2f69b108c8b8d1a637d
MD5 hash:
3bc94c33a801f1df7da25af60081f4e6
SHA1 hash:
d2a2e3766b0ac92a1b768ac8c44d4c1368ac6335
Link:
https://www.unpac.me/results/bbd91492-36b7-461d-969a-59a9f07df35c/
SH256 hash:
04b9511371c5609f35ae518adc99568a89c885b5a95bc2b16675a966622ddd67
MD5 hash:
6c5537e40c31bc41aa3f5830af489c0c
SHA1 hash:
c6ab78e7cccf7a12767e92179bee1bd053df8c0b
Link:
https://www.unpac.me/results/bbd91492-36b7-461d-969a-59a9f07df35c/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/04b9511371c5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/04b9511371c5609f35ae518adc99568a89c885b5a95bc2b16675a966622ddd67

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 04b9511371c5609f35ae518adc99568a89c885b5a95bc2b16675a966622ddd67

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download

Comments