MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 340e98f83d47ba0a82f5894a0c4c4b8f689f37b0ee576b23c98f4099add95814. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LaplasClipper

Vendor detections: 8

SHA256 hash: 340e98f83d47ba0a82f5894a0c4c4b8f689f37b0ee576b23c98f4099add95814
SHA3-384 hash: 5e2455712a50654c4812df9b2dcc346ab61b5d813352d9f62e9b9bec68acd74672562d0f3b5783967952ea44c0773072
SHA1 hash: 72b213ca4f6b5723426ac71774bc4f4e53db9504
MD5 hash: 543f45c69c8be4abd29e2b578bf26613
humanhash: mockingbird-december-maine-oregon
File name: 543f45c69c8be4abd29e2b578bf26613
Download: download sample
Signature: LaplasClipper
File size: 1'606'056 bytes
First seen: 2023-03-09 17:15:28 UTC
Last seen: 2023-03-09 18:31:31 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: a2833106949ae6e20c40ed0128f9df4b (5 x RecordBreaker, 4 x SystemBC, 3 x RedLineStealer)
ssdeep: 24576:aFNlSvUP/vMi2iERd853k2MImAtcp3vsnNIJLsAc+u5h7g3vIpU9dHhXZREOSg8u:aFlXkXii2j2JLtu5tg3uy8f2
TLSH: T10375E10327FA8C9FE8D209704991F0C9B83EA6258E72EB1F64D92F59287E13BF151D15
TrID: 50.0% (.EXE) Generic Win/DOS Executable (2002/3)
      49.9% (.EXE) DOS Executable Generic (2000/1)
File icon (PE): PE icon
dhash icon: a486a622dad7ca00 (3 x LaplasClipper)
Reporter: zbetcheckin
Tags: 32 dll exe LaplasClipper

Intelligence

File Origin
# of uploads: 2
# of downloads: 225
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: clipbanker overlay packed virus virut
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Laplas Clipper
Detection: malicious
Classification: spyw.evad
Score: 84 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Laplas Clipper
Behaviour
Behavior Graph: [graph image not recoverable; Behavior Graph ID 823454, sample 6tWl1nkAuj.dll, start date 09/03/2023, architecture WINDOWS, score 84. Process tree: loaddll32.exe started cmd.exe, rundll32.exe, WerFault.exe and conhost.exe; cmd.exe started a second rundll32.exe; the rundll32.exe started by loaddll32.exe started a further WerFault.exe. Network: the rundll32.exe started by cmd.exe contacted nerf-0148-unknown.guru (79.137.195.205, ports 49703, 49716, 49717; PSKSET-ASRU, Russian Federation); WerFault.exe contacted 192.168.2.1 (unknown). Signatures: Snort IDS alert for network traffic; Multi AV Scanner detection for domain / URL; Multi AV Scanner detection for submitted file; 2 other signatures; System process connects to network (likely due to code injection or exploit).]
Threat name: Win32.Trojan.ClipBanker
Status: Malicious
First seen: 2023-03-09 17:30:35 UTC
File Type: PE (Dll)
Extracted files: 3
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 3f6c59ae39a668fb007de0ee0e41b3c22bd5a12d47eb188ddbdd2f0e933381e5
MD5 hash: b0b38671c296ff0622f969588e121f0d
SHA1 hash: 3c983d9de5bee6b28453bc26717d2ca039b510b2
SHA256 hash: 340e98f83d47ba0a82f5894a0c4c4b8f689f37b0ee576b23c98f4099add95814
MD5 hash: 543f45c69c8be4abd29e2b578bf26613
SHA1 hash: 72b213ca4f6b5723426ac71774bc4f4e53db9504
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_bitcoin
Rule name: meth_get_eip
Author: Willi Ballenthin
Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper
DLL dll 340e98f83d47ba0a82f5894a0c4c4b8f689f37b0ee576b23c98f4099add95814 (this sample)

Delivery method
Distributed via web download

Comments



zbet commented on 2023-03-09 17:15:33 UTC

url : hxxp://167.235.240.0/rlmp32wlve.dll