MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4063e9392a870c336313c33c498fccff27bc86a20b925e3d9d418b20613eee4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4063e9392a870c336313c33c498fccff27bc86a20b925e3d9d418b20613eee4b
SHA3-384 hash: f19146b60c94abbf595c7524c25d3663069167ebb16d3c44a7475f03c3ebe355fff9048d1f30ec604c512d1babef8925
SHA1 hash: 094ca2a456841a37d53724f9cd242af7f2a87945
MD5 hash: 3714bf1b2ccb2d589bbf9fc56b95f34f
humanhash: idaho-lion-finch-mississippi
File name:3714bf1b2ccb2d589bbf9fc56b95f34f.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:3'979'776 bytes
First seen:2023-01-03 07:02:38 UTC
Last seen:2023-01-19 14:51:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a85a9d824bbb991ac562a06ec02461e3 (2 x LaplasClipper)
ssdeep 98304:TY+I/xOyEEaO5PsR9urjsFFZ9iZ1+AhMr+rCIvdvA92RxHGf:TZI/AyEEf5zrIZ9i+9rBKxlhm
Threatray 194 similar samples on MalwareBazaar
TLSH T15706BEFD771FE2EFC2D68470E403CD13D268E3E18A14A512F89A39BD9A12E1616C67D4
TrID 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3714bf1b2ccb2d589bbf9fc56b95f34f.exe
Verdict:
Malicious activity
Analysis date:
2023-01-03 07:03:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/36c26baa-79c8-4869-ab19-2353a1f19f4c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.64714131.8016.2000.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
DNS request
Enabling autorun by creating a file
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware shell32.dll
Link:
https://www.filescan.io/uploads/63b3d32740e878e304224c36/reports/46a76139-f6ca-4092-a00d-aa5632180d34/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2d8885e2-b76f-40f3-83c9-f81862a494c5
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1144424
Signature
Antivirus detection for dropped file
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4063e9392a870c336313c33c498fccff27bc86a20b925e3d9d418b20613eee4b/
Threat name:
Win32.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2023-01-03 01:04:04 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ibr6sojkq4gdgyytym6etd6m74t3zbvcbojf4pm5igfsayj65zfq._file
Verdict:
malicious
Similar samples:
09abe799d30cdceab1600a1421583b1d7a5d3a9b14fb89e7dfa8d4ca4e5c85ac
LaplasClipper
739a3e0733b75f4d7fcd2bc746422ea269ee8cb04e30fcad6d3b1e1163ececf1
LaplasClipper
8086d2b05316a9b44f55971a6c90da8ecb069d075973654f5f914229dc3070f6
LaplasClipper
8d5183e16553bfad76d68b950d94144e5d57633c716074ca3d76cf6e6903918f
LaplasClipper
9f897441820de0f050f41fa9d1cbdb70aad43e1bacc202ae11e8a38d1d043fca
LaplasClipper
a484a486e4ccce5d89bed7fd21d3aef4802a85b3147a0445ccca16b3df95267a
LaplasClipper
a7b9f85870179430e1d8776a0fe5b2bfde0dfee26a168c5ace0287a7a461835c
LaplasClipper
e21d4e0b2f711e72b6251d1a0a5f1a703baffb7c7ddd1d1b087bc9068f17aaa8
LaplasClipper
fad1b92b67d6509a5d114b43395bd428b8fff6b827198083f1abc801a9c78525
LaplasClipper
+ 184 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/230103-hvd3zaaf57/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks whether UAC is enabled
Checks BIOS information in registry
Checks computer location settings
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Unpacked files
SH256 hash:
4063e9392a870c336313c33c498fccff27bc86a20b925e3d9d418b20613eee4b
MD5 hash:
3714bf1b2ccb2d589bbf9fc56b95f34f
SHA1 hash:
094ca2a456841a37d53724f9cd242af7f2a87945
Link:
https://www.unpac.me/results/c0d83228-f6ea-4a61-bfa2-9c6d2dcdeaed/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/4063e9392a870c336313c33c498fccff27bc86a20b925e3d9d418b20613eee4b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 4063e9392a870c336313c33c498fccff27bc86a20b925e3d9d418b20613eee4b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download

Comments