MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 799c0a4b999970a5e667c1a4de283576672d4d6a2316d2f434188546e6c1d4d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LaplasClipper

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments 1

SHA256 hash:	799c0a4b999970a5e667c1a4de283576672d4d6a2316d2f434188546e6c1d4d0
SHA3-384 hash:	3a9806f42c3dfe219b92cfd508442efef5f15cb8bc2bec84f36e06e36d29147af0fb96ed9b4834136181134db502d7ed
SHA1 hash:	81f05d42be1951a25122e44e92dd04c255c9c644
MD5 hash:	ca35b8329c5ddd2fe58f0d369fdf766c
humanhash:	kilo-fruit-low-social
File name:	ca35b8329c5ddd2fe58f0d369fdf766c
Download:	download sample
Signature	LaplasClipper Create hunting rule
File size:	8'192 bytes
First seen:	2022-11-19 23:05:03 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'648 x AgentTesla, 19'452 x Formbook, 12'201 x SnakeKeylogger)
ssdeep	96:Y8M4co5EAspdZYHmLG5rUVAVZB/uxOAyKXYHzhlVnme9qw4cKsP0M:YXo5ELtYHmLGeCP/ZIYTJnme9qwFV
Threatray	3'244 similar samples on MalwareBazaar
TLSH	T1CFF1EA05BBD84669DBAE473504B743150732B727A633CB9F18CC526D1CA36980B427EE
TrID	72.5% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.4% (.EXE) Win64 Executable (generic) (10523/12/4) 6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.4% (.EXE) Win32 Executable (generic) (4505/5/1) 2.0% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	zbetcheckin
Tags:	32 exe LaplasClipper

Intelligence

File Origin

# of uploads :

# of downloads :

200

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

ca35b8329c5ddd2fe58f0d369fdf766c

Verdict:

Malicious activity

Analysis date:

2022-11-19 23:07:16 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/47fe9c13-007f-44cc-a4f1-36079a7c3487

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/336229/

Detection(s):

SecuriteInfo.com.Win32.PWSX-gen.17758.15328.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %AppData% subdirectories

Creating a file

Running batch commands

Launching a process

Enabling autorun by creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

cmd.exe packed

Link:

https://www.filescan.io/uploads/6379615a922dba1ce6f7d36f/reports/55408602-ed44-4860-8e9a-ebeb1b5ca020/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/89ebaa6a-a6b5-4397-9393-5edb15f52168

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/799c0a4b999970a5e667c1a4de283576672d4d6a2316d2f434188546e6c1d4d0/

Threat name:

ByteCode-MSIL.Trojan.Tasker

Status:

Malicious

First seen:

2022-11-19 23:06:05 UTC

File Type:

PE (.Net Exe)

AV detection:

17 of 26 (65.38%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pgoaus4ztfyklzthygsn4kbvozts2tlkemlnf5budccunzwb2tia._file

Verdict:

malicious

LaplasClipper

14f2a593281d5c9700a878f32199aa69b18f10b2d3849d216764f96a3f8a00f9

LaplasClipper

2853bcb79fe32b2abcf98713e3bbffd82d881149bbb1a3ee8c97a254dabb129b

LaplasClipper

39989ee85d56ae59453e4ab5a7336b393650d4f5c0ae45d7a3854a8cd34b11fc

LaplasClipper

4533b5392f6e49cf20ee0821b4c8b6b74b8af274995646791ec7fe48a2615425

LaplasClipper

47dbb2594cd5eb7015ef08b7fb803cd5adc1a1fbe4849dc847c0940f1ccace35

LaplasClipper

5d5ada6149e305fc6f546f8e7eb8e11d0d113edf57ed763e5c54626ca864da4c

LaplasClipper

5e902a138174c34e5445685c82b2044e0b35565854471aaccef0315c77288dc9

LaplasClipper

d6618f430c04b203394c7887803a2171402efa31427c0835e24c9dec935bf79c

LaplasClipper

+ 3'234 additional samples on MalwareBazaar

Result

Malware family:

laplas

Score:

10/10

Tags:

family:laplas stealer

Link:

https://tria.ge/reports/221119-22txjseg46/

Behaviour

Creates scheduled task(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Executes dropped EXE

Laplas Clipper

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/98bd3c06-1d97-423c-95e6-4abd7de5f52f

Unpacked files

SH256 hash:

799c0a4b999970a5e667c1a4de283576672d4d6a2316d2f434188546e6c1d4d0

MD5 hash:

ca35b8329c5ddd2fe58f0d369fdf766c

SHA1 hash:

81f05d42be1951a25122e44e92dd04c255c9c644

Link:

https://www.unpac.me/results/eef46ff1-59fa-4124-9673-2467eecdd160/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

exe 799c0a4b999970a5e667c1a4de283576672d4d6a2316d2f434188546e6c1d4d0

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2426905/

Cape

https://www.capesandbox.com/analysis/336229/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2022-11-19 23:05:06 UTC

url : hxxp://77.73.133.113/lego/111.exe