MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 615410f6d53aefbcbdd874fdeaa335d174bdbdae890d8888e02af05e9851b589. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LaplasClipper

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	615410f6d53aefbcbdd874fdeaa335d174bdbdae890d8888e02af05e9851b589
SHA3-384 hash:	02ec028bf30b50784db9ed8332fb1eadc7f0e9020039691c20ba8209d802946c92425395ff787efb8c877988ecd9ab0a
SHA1 hash:	b4f7b43ce6c44ead89a921b643f9bb54b90f869f
MD5 hash:	09a0191c8eae4e46114233d76130aad0
humanhash:	kansas-failed-hot-monkey
File name:	09a0191c8eae4e46114233d76130aad0.exe
Download:	download sample
Signature	LaplasClipper Create hunting rule
File size:	6'283'912 bytes
First seen:	2023-02-09 23:05:41 UTC
Last seen:	2023-02-10 00:38:55 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5780e08c9c78220a0c99027a41bbbfa4 (2 x LaplasClipper)
ssdeep	98304:mziCKd/1vxs4IEgIpQyO87n+esGggVa6fTUiJFC3zIhg/EYuhS8/vuXgLu7:YiCS6Ic22GbHfTUiJFC3Bp8nzi7
TLSH	T192561293BB508556C0DD8839992B5FF939F1EA676E026923338D7B8D2E722D0B3035D1
TrID	40.3% (.EXE) Win64 Executable (generic) (10523/12/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4505/5/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	8afe6c5c7233fa5c (1 x LaplasClipper)
Reporter	abuse_ch
Tags:	exe LaplasClipper signed

Code Signing Certificate

Organisation:	Canon PowerShot SX620 HS
Issuer:	Canon PowerShot SX620 HS
Algorithm:	sha1WithRSAEncryption
Valid from:	2022-12-07T13:04:46Z
Valid to:	2032-12-08T13:04:46Z
Serial number:	4692f3690ed750b749d7f88b15ec2519
Intelligence:	2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:	SHA256
Thumbprint:	aaca14c0f0a877575e5b36182f073a638aeafb0ed9d02995d649fccf7c7339e2
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

abuse_ch

LaplasClipper C2:
http://clipper.guru/bot/regex?key=7ee57b1f6d4aff08f9755119b18cf0754b677addcb6a3063066112b10a357a8e

Intelligence

File Origin

# of uploads :

# of downloads :

218

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

09a0191c8eae4e46114233d76130aad0.exe

Verdict:

Malicious activity

Analysis date:

2023-02-09 23:08:12 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5b1f537b-e4f9-454b-89fb-9562d7b4f435

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/363061/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.176486.17195.29451.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %AppData% subdirectories

Running batch commands

Launching a process

Creating a file

Searching for the window

Creating a process from a recently created file

Enabling autorun by creating a file

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/67374/overview

Behaviour

MalwareBazaar

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

80%

Tags:

greyware overlay packed

Link:

https://www.filescan.io/uploads/63e57c5cfc4dffab0ccf83d1/reports/3a596fd2-1f5c-47a2-8e2d-905972345f6c/overview

Verdict:

Malicious

Labled as:

Fragtor.Generic

Link:

https://www.hybrid-analysis.com/sample/615410f6d53aefbcbdd874fdeaa335d174bdbdae890d8888e02af05e9851b589

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/c5e0736f-63af-481e-843a-3dbf1b0bbdc1

Result

Threat name:

Laplas Clipper

Detection:

malicious

Classification:

spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1170623

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Overwrites code with unconditional jumps - possibly settings hooks in foreign process

Snort IDS alert for network traffic

Tries to detect virtualization through RDTSC time measurements

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Laplas Clipper

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/615410f6d53aefbcbdd874fdeaa335d174bdbdae890d8888e02af05e9851b589/

Threat name:

Win32.Trojan.Tasker

Status:

Malicious

First seen:

2022-12-09 09:37:06 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=mfkbb5wvhlx3zpoyot66vizv2f2l3pnoregyrchaflyf5gcrwweq._file

Verdict:

malicious

Result

Malware family:

laplas

Score:

10/10

Tags:

family:laplas clipper stealer

Link:

https://tria.ge/reports/230209-23d8gsba7t/

Behaviour

Creates scheduled task(s)

GoLang User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Executes dropped EXE

Laplas Clipper

Malware Config

C2 Extraction:

clipper.guru

Unpacked files

SH256 hash:

69253f56b5b6396002d714bec10ea7502114e9875677add522f38d29322a2b0a

MD5 hash:

a8d70c710665227cc75c6220f307d717

SHA1 hash:

f949f6e265555be01d2f4d05aec8ec93175e5dda

Link:

https://www.unpac.me/results/8ecfb358-d36d-4777-9f0c-30ac534e42b1/

SH256 hash:

615410f6d53aefbcbdd874fdeaa335d174bdbdae890d8888e02af05e9851b589

MD5 hash:

09a0191c8eae4e46114233d76130aad0

SHA1 hash:

b4f7b43ce6c44ead89a921b643f9bb54b90f869f

Link:

https://www.unpac.me/results/8ecfb358-d36d-4777-9f0c-30ac534e42b1/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/615410f6d53a/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/615410f6d53aefbcbdd874fdeaa335d174bdbdae890d8888e02af05e9851b589

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/363061/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample