MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e6e3db76d44df50f82628eaaaf96fd9ef4dad484bc954ad0388fc6b6a66da43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e6e3db76d44df50f82628eaaaf96fd9ef4dad484bc954ad0388fc6b6a66da43
SHA3-384 hash: 700b6197d12ad377834653c21482344d966910033c06ddfdd7b88bc1aae733ae231f31a7886d19d6335f8e2cedbb0770
SHA1 hash: d59cf71fd91645b00f868d4f913c18675a58156e
MD5 hash: 076ff7b77b0f86ba643a581727420e7a
humanhash: social-wolfram-eighteen-michigan
File name:076ff7b77b0f86ba643a581727420e7a.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:3'979'776 bytes
First seen:2023-01-06 10:02:06 UTC
Last seen:2023-01-06 11:31:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a85a9d824bbb991ac562a06ec02461e3 (2 x LaplasClipper)
ssdeep 98304:FhHn1k/Cw4bh6D1EGvvZwp/f6GU8RMPaTAj0TWvPtX2/SQ/6CUt+ON:FViaVb9uu6WmSuvPtMSQSCUt+ON
Threatray 136 similar samples on MalwareBazaar
TLSH T17106AFE0361AD2FFD2750875E982D903D328A3FD9604C502E95D743DDA32EAE368679C
TrID 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
076ff7b77b0f86ba643a581727420e7a.exe
Verdict:
Malicious activity
Analysis date:
2023-01-06 10:11:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/dcd2daa7-a140-44b5-a584-413d29891cbd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/349955/
Detection(s):
SecuriteInfo.com.Variant.Lazy.281735.30875.10701.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %AppData% subdirectories
Sending a custom TCP request
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Enabling autorun by creating a file
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware shell32.dll
Link:
https://www.filescan.io/uploads/63b7f1d640e878e304232595/reports/f107a76b-cb49-4b0d-9a3e-589d989d9e6a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1f4b2fe7-dca3-4de6-b3be-c0bd7019d4d9
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1146279
Signature
Antivirus detection for dropped file
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Query firmware table information (likely to detect VMs)
Snort IDS alert for network traffic
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e6e3db76d44df50f82628eaaaf96fd9ef4dad484bc954ad0388fc6b6a66da43/
Threat name:
Win32.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2023-01-06 05:45:29 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=rzxd3n3nitpvb6bgfdvkv6lp3hxu3lkijpevjlidrd6gw2tg3jbq._file
Verdict:
malicious
Similar samples:
18ec6ad33329044a8f37e410c0eda8c26ec4ed80ec1277fa32cdfe4070dd8393
LaplasClipper
6c4cf7b175c499172b59d7f5f5ece3b6717345b6ea0b6e53d56b315516dd870e
LaplasClipper
75418ef4eef30a8a01341680675b7384d2aabab97b0e61fe6e814c34f6731e38
LaplasClipper
76b7ff5106fa84a7b6eb29454ca6e6af88711c3f128b28147a6a7f2ef28e8347
LaplasClipper
a1226fa2480bd40c0490b5ce5e1407f663a27cbbb77187d70dc8557d78d46c5c
LaplasClipper
a484a486e4ccce5d89bed7fd21d3aef4802a85b3147a0445ccca16b3df95267a
LaplasClipper
a7b9f85870179430e1d8776a0fe5b2bfde0dfee26a168c5ace0287a7a461835c
LaplasClipper
c8b1c11bf16a1052dffb6942d955c31cdad7f0b154e1f855882d4d95359efa54
LaplasClipper
e366497c19208fe45bd04dd3d83f4ec71108b2cefeb4fdaeb60e139743c8bb40
LaplasClipper
+ 126 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion themida trojan
Link:
https://tria.ge/reports/230106-l3c3esbc9w/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks whether UAC is enabled
Checks BIOS information in registry
Checks computer location settings
Themida packer
Executes dropped EXE
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/dc9b6f91-80d9-4d94-9f1a-2b18771d5c17
Unpacked files
SH256 hash:
8e6e3db76d44df50f82628eaaaf96fd9ef4dad484bc954ad0388fc6b6a66da43
MD5 hash:
076ff7b77b0f86ba643a581727420e7a
SHA1 hash:
d59cf71fd91645b00f868d4f913c18675a58156e
Link:
https://www.unpac.me/results/9bee9eae-73bc-4088-8e0e-75e9f7c48087/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8e6e3db76d44df50f82628eaaaf96fd9ef4dad484bc954ad0388fc6b6a66da43

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_Themida
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Themida

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 8e6e3db76d44df50f82628eaaaf96fd9ef4dad484bc954ad0388fc6b6a66da43

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/349955/

Comments