MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 322787eaae64efff2b1a5fc2e8d7f4b9b1ad44fb075cf082ade1b2a7c5ded76e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 322787eaae64efff2b1a5fc2e8d7f4b9b1ad44fb075cf082ade1b2a7c5ded76e
SHA3-384 hash: 6f1349cd7d67bea1c3a0f30443392c07c8f0f50570190ce8bb98841d6919065741c97fda59ab516fbd7959869cafd3ec
SHA1 hash: e6c5e9ea9a0634722d2842d274870d8ceff7ff43
MD5 hash: 6bdd7747ce0c482573958130ca93d1ef
humanhash: ohio-thirteen-mike-xray
File name:yuki4onna.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:6'059'288 bytes
First seen:2022-12-12 12:08:56 UTC
Last seen:2022-12-12 13:35:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 5780e08c9c78220a0c99027a41bbbfa4 (2 x LaplasClipper)
ssdeep 98304:Bs4j1PRaSQasZMIJblDH4Mdf4HTNCxbKj4v2ol6LmXg717+uqivWzC3tO4JNxlfI:VPRiasqIhlLfdoT80ZD622itz9F4
TLSH T1BE5623B39315104AD5DADC328537BDD032FA1B6D8781B9B4A9DEBAE638331D1A203D53
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon b8e2e3e3e3a3a291 (2 x RedLineStealer, 1 x LaplasClipper)
Reporter tcains1
Tags:exe LaplasClipper signed

Code Signing Certificate

Organisation:Acer Nitro 5 AN517-52 [AN515-52-77M3]
Issuer:Acer Nitro 5 AN517-52 [AN515-52-77M3]
Algorithm:sha1WithRSAEncryption
Valid from:2022-12-05T19:35:19Z
Valid to:2032-12-06T19:35:19Z
Serial number: 7164aee275ec6f9d4dd9f4143b06c60f
Intelligence: 6 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: cea2c432e39845af16c6ac14ba5d48df83f4d09f7c4f4fa671bcef6cd4cd112b
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
206
Origin country :
US US
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
SoftwareSetupFile.exe
Verdict:
Malicious activity
Analysis date:
2022-12-12 12:02:30 UTC
Tags:
trojan raccoon recordbreaker loader
Link:
https://app.any.run/tasks/28d96885-308d-4de5-973b-a30feb2a8173

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/345416/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.64081579.23045.4631.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %AppData% subdirectories
Running batch commands
Launching a process
Creating a file
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/639719e00c6473d1671a9e47/reports/a0ebc491-cf89-418f-b67b-3090dd81ec8e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/95ece242-d41e-4ded-bda0-3f31c4bc3fd1
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1132597
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/322787eaae64efff2b1a5fc2e8d7f4b9b1ad44fb075cf082ade1b2a7c5ded76e/
Threat name:
Win32.Infostealer.ClipBanker
Create hunting rule
Status:
Malicious
First seen:
2022-12-12 12:09:12 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gityp2vomtx76ky2l7borv7uxgy22rh3a5opbavn4gzkpro625xa._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221212-pbfk1sbc73/
Behaviour
Creates scheduled task(s)
GoLang User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ad8141e5-8180-4242-b3ac-739a2d66a680
Unpacked files
SH256 hash:
4a84efa27a8913ed9d668189641bda23f00bab7f2b2192674a0ac5f1c0662df3
MD5 hash:
e1b6ce18e60933913fda4d191fcafa8b
SHA1 hash:
eef58a1cdc869847c5f3e244fe67af700b9a7328
Detections:
LaplasClipperGoLang
Create hunting rule
Link:
https://www.unpac.me/results/aa4c7c0a-2085-4980-a376-6cd4c0fbea13/
SH256 hash:
322787eaae64efff2b1a5fc2e8d7f4b9b1ad44fb075cf082ade1b2a7c5ded76e
MD5 hash:
6bdd7747ce0c482573958130ca93d1ef
SHA1 hash:
e6c5e9ea9a0634722d2842d274870d8ceff7ff43
Link:
https://www.unpac.me/results/aa4c7c0a-2085-4980-a376-6cd4c0fbea13/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/322787eaae64/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/322787eaae64efff2b1a5fc2e8d7f4b9b1ad44fb075cf082ade1b2a7c5ded76e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 322787eaae64efff2b1a5fc2e8d7f4b9b1ad44fb075cf082ade1b2a7c5ded76e

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/345416/
  
URLhaus
https://urlhaus.abuse.ch/url/2454835/
  
Delivery method
Distributed via web download

Comments