MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81e9eefec051e50a819e76fa1ec2f088c2e8c5de677537838193cf6c2e5c7584. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

LaplasClipper

Vendor detections: 12

Intelligence 12 IOCs YARA 1 File information Comments

SHA256 hash:	81e9eefec051e50a819e76fa1ec2f088c2e8c5de677537838193cf6c2e5c7584
SHA3-384 hash:	d9717bb31b40c252edb4a63dcfec75f91e3f750071748aff52fb2df1abf33a8001e808c3aa64c137173c9f55eedf33c2
SHA1 hash:	220db17c0ba6b83ead730bf65c6e34d4da4eadaa
MD5 hash:	24774c7b900e0a51df665776b502cfc9
humanhash:	apart-earth-nebraska-delta
File name:	24774c7b900e0a51df665776b502cfc9.exe
Download:	download sample
Signature	LaplasClipper Create hunting rule
File size:	2'311'168 bytes
First seen:	2022-11-27 17:17:24 UTC
Last seen:	2022-11-27 18:32:01 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	77b9cbeda5e32323ee560d94649c1c1a (8 x Smoke Loader, 3 x CoinMiner, 2 x Amadey)
ssdeep	49152:D52VUM+pj0i6fodAXT49NxSUIBdxorsSaiMLy5pb504BRdT4Hol7UR:l2VjsEwdqTgXSUIVIR7Rq4BbsHol7
TLSH	T183B5339B7293E076D823C8761C39D2056F9B3578A6287E1CFB1079361F206F9EE57242
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	24a4137031939b91 (1 x Amadey, 1 x LaplasClipper)
Reporter	abuse_ch
Tags:	exe LaplasClipper

Intelligence

File Origin

# of uploads :

# of downloads :

197

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

24774c7b900e0a51df665776b502cfc9.exe

Verdict:

Malicious activity

Analysis date:

2022-11-27 17:22:24 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f30a5f4e-5c65-4679-8d5e-e8e352a880ae

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/339111/

Detection(s):

Win.Malware.Botx-9979645-0

Win.Malware.Dropperx-9979664-0

Win.Malware.Botx-9979678-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %AppData% subdirectories

Running batch commands

Searching for the window

Launching a process

Creating a file

Creating a process from a recently created file

Enabling autorun by creating a file

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/63839bd2559d07a06f47cda7/reports/fdd22f06-7719-4b93-b5ea-dafcf1cfb81b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Malicious Packer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f4cf56ce-95bf-4e19-852f-6a4fac3189bd

Result

Threat name:

Laplas Clipper

Detection:

malicious

Classification:

spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1122004

Signature

Antivirus detection for dropped file

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Uses schtasks.exe or at.exe to add and modify task schedules

Yara detected Laplas Clipper

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/81e9eefec051e50a819e76fa1ec2f088c2e8c5de677537838193cf6c2e5c7584/

Threat name:

Win32.Trojan.MintZard

Status:

Malicious

First seen:

2022-11-27 00:55:34 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

16 of 26 (61.54%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qhu657wakhsqvam6o35b5qxqrdborro6m52tpa4bsphwyls4owca._file

Verdict:

malicious

Result

Malware family:

laplas

Score:

10/10

Tags:

family:laplas stealer

Link:

https://tria.ge/reports/221127-vvarrsea97/

Behaviour

Laplas Clipper

Malware Config

C2 Extraction:

clipper.guru

Gathering data

Unpacked files

SH256 hash:

f341ad891d445c745f10b4861a5c273abf7a38a0bd85168e7e6528e6b5c0141d

MD5 hash:

03561db4d24e01a72fa847018262cf99

SHA1 hash:

69808e81aa578ea6af5ff68c0dc7ac6df61cea00

Link:

https://www.unpac.me/results/1dcd0946-d061-4e7c-8456-9f9d9f8cfe19/

SH256 hash:

81e9eefec051e50a819e76fa1ec2f088c2e8c5de677537838193cf6c2e5c7584

MD5 hash:

24774c7b900e0a51df665776b502cfc9

SHA1 hash:

220db17c0ba6b83ead730bf65c6e34d4da4eadaa

Link:

https://www.unpac.me/results/1dcd0946-d061-4e7c-8456-9f9d9f8cfe19/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/81e9eefec051/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/81e9eefec051e50a819e76fa1ec2f088c2e8c5de677537838193cf6c2e5c7584

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.