MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057
SHA3-384 hash: 1046174f1157c542f1e505b312a5b5997182ff21b3fb237780414d6783eccaea29de8f74d20b4cb17e40c9b11d95f669
SHA1 hash: 59f375481cdfe246d1ddcaada9941e16dcfda297
MD5 hash: 99f16ab6ab670935b5aa5c84b1b5f6bd
humanhash: april-johnny-california-snake
File name:99f16ab6ab670935b5aa5c84b1b5f6bd
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:7'635'968 bytes
First seen:2023-03-19 15:35:11 UTC
Last seen:2023-03-19 17:31:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 8aa23bea230ae1c890d1bde72074903b (1 x LaplasClipper)
ssdeep 196608:Ltu5ODXM16mjmKSRFWuxx6ruj3nK/x9jWuy:L05ODcgR6mix1
Threatray 1 similar samples on MalwareBazaar
TLSH T176763377222A0084C5E38D314A37FDF8F1F242AE8B819CF4659A5EC57D236E5A793943
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon 686e66e6c2e8e4c0 (4 x RecordBreaker, 2 x LaplasClipper)
Reporter zbetcheckin
Tags:32 exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
234
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
raccoon
Create hunting rule
ID:
1
File name:
https://download2289.mediafire.com/8qqs6oo1rujgnygOXJhbwy64oswURabE2x1av_x8wbxCKNoVMnXD6WiSXch-UuV7QZsplxCm1Blj8PQDFBwo1J9UjPRmqg/bjekqvmcikvdtef/WareHacks.rar
Verdict:
Malicious activity
Analysis date:
2023-03-17 20:29:41 UTC
Tags:
raccoon recordbreaker trojan loader stealer
Link:
https://app.any.run/tasks/d495552d-9a4c-4e26-8579-3761de8bc587

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/375680/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.65899324.32037.17395.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Creating a process from a recently created file
Creating a process with a hidden window
Connecting to a non-recommended domain
Sending an HTTP GET request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/74111/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
clipbanker evasive greyware packed shell32.dll
Link:
https://www.filescan.io/uploads/64172be32fbc9ad18a02fee1/reports/911fded6-9fdc-44b7-94ab-a5db09501cac/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1f556c63-d81d-4b2d-961d-01020a217b82
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1197143
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Snort IDS alert for network traffic
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057/
Threat name:
Win32.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2023-03-12 22:24:37 UTC
File Type:
PE (Exe)
Extracted files:
10
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gsabjwevaolh6e2ltccvtmvmnfha2mswocf367mls2viysp6cblq._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
39c28f0244bfeb2fe54808cda05f80ad36a886f1e2c75960779ede0894a9219d
LaplasClipper
Result
Malware family:
laplas
Create hunting rule
Score:
  10/10
Tags:
family:laplas clipper persistence stealer
Link:
https://tria.ge/reports/230319-s1wv3sba51/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Laplas Clipper
Malware Config
C2 Extraction:
http://185.106.92.104
Unpacked files
SH256 hash:
543cf122382efb38be76104b6283f71de6e43cad09b330e99e764758fa51b4f4
MD5 hash:
c8c99d7addf92ddf48af0a132baa7a14
SHA1 hash:
e60fcbbd16dc608687272e080f8965594183ca39
Link:
https://www.unpac.me/results/d73b51ae-9802-4c5c-abbd-bd9afa0737b4/
SH256 hash:
348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057
MD5 hash:
99f16ab6ab670935b5aa5c84b1b5f6bd
SHA1 hash:
59f375481cdfe246d1ddcaada9941e16dcfda297
Link:
https://www.unpac.me/results/d73b51ae-9802-4c5c-abbd-bd9afa0737b4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 348014d89503967f134b988559b2ac694e0d3256708bbf7d8b96aa8c49fe1057

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2577481/
Cape
Cape
https://www.capesandbox.com/analysis/375680/

Comments


Avatar
zbet commented on 2023-03-19 15:35:19 UTC

url : hxxp://185.106.92.140:8080/neee.exe