MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e197097351b093b6698ed9634e8ae0dbd7bc4aa65470bde4ce131c4de641f64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 8


Intelligence 8 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e197097351b093b6698ed9634e8ae0dbd7bc4aa65470bde4ce131c4de641f64
SHA3-384 hash: 250615b883296dcb3d6d450045b4612559d9202a509c89c63389c6e34a82fb60271577cc3b1ace2e70fe94cd35ffb3ab
SHA1 hash: ae7eae6c1dea491c95d232bd9df311d0cad2e3b0
MD5 hash: 921a72053ef8292de1db6cb51f7b3e72
humanhash: nineteen-wyoming-hotel-network
File name:mvkuTEicxs.exe_0x400000-0x4cb000.bin
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:5'025'792 bytes
First seen:2022-11-23 14:20:40 UTC
Last seen:2022-11-23 15:34:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 49152:phHpbEfTEFJJczSLZ1vAaE5FKY/t7mGczj4VVT2mCLfP5/hfKNpXsLZ1Kpv2FYQF:HJgKA2LZVGczAVy1/VP8VW81
Threatray 7 similar samples on MalwareBazaar
TLSH T1DB363951F9D780B5EA03593004A7A2BF67307E098B34CBC7DA507F6AE8776E21D32619
TrID 40.3% (.EXE) Win64 Executable (generic) (10523/12/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4505/5/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter 0xToxin
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
218
Origin country :
IL IL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
mvkuTEicxs.exe_0x400000-0x4cb000.bin
Verdict:
No threats detected
Analysis date:
2022-11-23 14:28:56 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/838b7c8e-6aed-475b-b608-b19b1f66eba0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/337661/
Detection(s):
SecuriteInfo.com.Win32.BankerX-gen.5554.15553.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
golang overlay packed
Link:
https://www.filescan.io/uploads/637e2c4fccc04a029db33e1e/reports/4267bdb0-95fb-4276-a008-0f13d442bbbf/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b86d6e64-9fee-41de-bcd7-2cd88555e69b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1120086
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e197097351b093b6698ed9634e8ae0dbd7bc4aa65470bde4ce131c4de641f64/
Threat name:
Win32.Trojan.BankerX
Create hunting rule
Status:
Malicious
First seen:
2022-11-23 14:21:10 UTC
File Type:
PE (Exe)
AV detection:
13 of 25 (52.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pymxbfzvdmetwzuy5wldj2fobw6xxrfkmvdqxxsm4ey4jxted5sa._file
Verdict:
malicious
Similar samples:
2cf979e3a79853225e5e17856721d1256c8f319e3883e65db794f187dc424304
LaplasClipper
63018f38311387aa7f511f090fd154ea6ec3799c2f4762890082793912c68146
LaplasClipper
7fb7b8baeb8b32f9aaf1f414913ff1086024844852ae80c6d6d0f34223f90823
LaplasClipper
873e9fb03b58e3a8f103ef24933427a86409b8f7560e9ee2a442e9195883ec42
LaplasClipper
c3ac86b3dfaed540a466f230e12c3f12c56e10755b6d5d195001ca5523d80fa4
LaplasClipper
e6432f09b652cd3f577cde0671ef18ad9cd6fe5d0b45460a740254dd097f4d51
LaplasClipper
faf9fafa302622d32b46956c7ff81da78773366c0e120936a61ceea4c489c5b8
LaplasClipper
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221123-rnzkrscb31/
Behaviour
Program crash
Unpacked files
SH256 hash:
7e197097351b093b6698ed9634e8ae0dbd7bc4aa65470bde4ce131c4de641f64
MD5 hash:
921a72053ef8292de1db6cb51f7b3e72
SHA1 hash:
ae7eae6c1dea491c95d232bd9df311d0cad2e3b0
Link:
https://www.unpac.me/results/9a2f7995-635f-48ba-9dcb-2eaed46b66bc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7e197097351b093b6698ed9634e8ae0dbd7bc4aa65470bde4ce131c4de641f64

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:Golangmalware
Create hunting rule
Author:Dhanunjaya
Description:Malware in Golang
Rule name:HiveRansomware
Create hunting rule
Author:Dhanunjaya
Description:Yara Rule To Detect Hive V4 Ransomware
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware
Rule name:win_laplas_clipper_9c96
Create hunting rule
Author:Johannes Bader
Description:detects unpacked Laplas Clipper

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/337661/

Comments