MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78b49f7d4523704579aa2c70ca8602317e347ec8b4884fc6f52a4b83d4258549. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78b49f7d4523704579aa2c70ca8602317e347ec8b4884fc6f52a4b83d4258549
SHA3-384 hash: 73585dbaf092af63f8401dafa69668a02ed073f4542499fab91e5a5c4ec8d143e26df13f9ea6db59f5cbf5fd3e5b6efe
SHA1 hash: a1e59167ece978c3cfe5107a087e3aec65334dbb
MD5 hash: 5d27d7c444aa9ac075cf892d70357e54
humanhash: louisiana-virginia-floor-colorado
File name:5d27d7c444aa9ac075cf892d70357e54
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:24'103'424 bytes
First seen:2023-04-01 18:14:08 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fd867d283c8335cc9c03060aaa4c760d (1 x LaplasClipper)
ssdeep 393216:AhrGShpkvUpER3ofFyj0EB6252X+c/uZxTR/R2cwxdoR3WFOFXt57h0QCjrddxuy:ApGShpm5bj1K/2lReQZWc5d0VdxAEMoR
TLSH T1523723D255D963E4D0D30A18628711CF25C1B4EAC6FE9A1D2BC69C031F61FEA198EB73
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 9288ce8c2a868f92 (89 x Tinba, 7 x AsyncRAT, 6 x Dridex)
Reporter zbetcheckin
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
1
# of downloads :
367
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5d27d7c444aa9ac075cf892d70357e54
Verdict:
Suspicious activity
Analysis date:
2023-04-01 18:15:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7f1da9e8-be94-4481-8fbd-59e9f9e04165

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Win64.Evo-gen.17383.11716.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
DNS request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/642874a74e6582605f0780c3/reports/8c298fd5-9dda-479e-ac90-b0d404e87829/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/78b49f7d4523704579aa2c70ca8602317e347ec8b4884fc6f52a4b83d4258549
Result
Verdict:
MALICIOUS
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1206377
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Gathering data
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-04-01 18:15:16 UTC
File Type:
PE+ (Exe)
Extracted files:
25
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pc2j67kfenyek6nkfrymvbqcgf7di7wiwsee7rxvfjfyhvbfqveq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230401-wvwvnsda6s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/78b49f7d4523704579aa2c70ca8602317e347ec8b4884fc6f52a4b83d4258549

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 78b49f7d4523704579aa2c70ca8602317e347ec8b4884fc6f52a4b83d4258549

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2593916/

Comments


Avatar
zbet commented on 2023-04-01 18:14:27 UTC

url : hxxp://167.235.240.0/ntvdm64.exe