MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29
SHA3-384 hash: c9121d0556a37251e8e806fbe4dcfc98e762c6de0134aa11c4ba90d2068508f2952efc828cc33abb8114f5849405c366
SHA1 hash: f43f83b11e6e4b850297443a30803f72cef99489
MD5 hash: 8d7cf73ce0624c89820492186e81268e
humanhash: california-bravo-carpet-early
File name:8d7cf73ce0624c89820492186e81268e.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:9'029'944 bytes
First seen:2023-01-23 18:33:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d2e637ed1bcd508ce91b8158d27bbd28 (1 x RaccoonStealer, 1 x LaplasClipper)
ssdeep 196608:dCFM0/NuKzJqwRCCuNhH8DuSHVKiPxtgDe/3jyAan7Ftnl+6+GVp7:KMMsA3U4t1HDOAI7T7
Threatray 168 similar samples on MalwareBazaar
TLSH T15496336302A5504AC5E0AC3AC237BEE131F65A279E82EC7F67D93AD825714D5F203B53
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
1
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
8d7cf73ce0624c89820492186e81268e.exe
Verdict:
Malicious activity
Analysis date:
2023-01-23 18:35:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a187404b-c7f3-470e-9cd5-29ee7b85202e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/356018/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/62537/overview
Behaviour
MalwareBazaar
Verdict:
Unknown
Threat level:
n/a  -.1/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63ced31c2b351a3d0ea7f664/reports/bc96fdcf-c5c6-4011-be1d-63cbe31d0d6f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/dd051053-b3ae-4764-9a94-5acbc697e017
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1157488
Signature
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fkhcvnqry7vbu7copnx5kdhpbkasvzesdjtneuigua44sbmczyuq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
20ac0c20a2ef71864092cdbcdb32bb637cf76abd2ebfc5b351a6c188b9dfd05d
LaplasClipper
712c853955c56e27e3e4538978fa89018cdc5e5f56944ea0da2fc1a672adc73c
LaplasClipper
a53f2bbe349eb40e02353375416cb15b0723606a9909b33f7930af9c82175fbf
LaplasClipper
b62f5066357d2dfc94dec4d902f68f6e9e98a19a9aea6fb70d2811de384fd7a1
LaplasClipper
c91e0e2bdcbfabbe34e3106b1f0efce7635b6a7ec07835fca4d16677feb39ea5
LaplasClipper
dc401554533938f33c0c6cf36246e4fc21dc687d2d3f2925bfa9f7d62a2c5fbe
LaplasClipper
+ 158 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/230123-w7rrgsgc3x/
Behaviour
GoLang User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
04ed23477abd532b753a0f597215dac32b952a46d180360027127744e6d1b348
MD5 hash:
0561f4ddbf5af0125a799a520aed7ceb
SHA1 hash:
33ba9bc68f97b0de183727cf8e0c961fb6bbbd47
Link:
https://www.unpac.me/results/b43c1286-3dda-422f-86cd-da10ff56654d/
SH256 hash:
2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29
MD5 hash:
8d7cf73ce0624c89820492186e81268e
SHA1 hash:
f43f83b11e6e4b850297443a30803f72cef99489
Link:
https://www.unpac.me/results/b43c1286-3dda-422f-86cd-da10ff56654d/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2a8e2ab611c7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 2a8e2ab611c7ea1a7c4e7b6fd50cef0a812ae4921a66d25106a039c90582ce29

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2512360/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/356018/

Comments