MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fa24d29a8644629194aae0dded04c6f0c4b4633e6efb3927c011826252e63dc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9fa24d29a8644629194aae0dded04c6f0c4b4633e6efb3927c011826252e63dc
SHA3-384 hash: 7d5602be0efb5b37d9dd01490c1008cbd0dad7f2383176baf7ba73177a60582379d1bb751c636ca9188b97e060b76bd5
SHA1 hash: 1a56435b9781403137b244486db0d04bf7ced47d
MD5 hash: dcd32a06487c141d547a39047eb3738f
humanhash: wyoming-texas-bravo-winter
File name:dcd32a06487c141d547a39047eb3738f.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:5'625'216 bytes
First seen:2023-01-20 19:50:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e8bb1d2b3d7a38a26a36311f1c89ad6c (1 x SystemBC, 1 x LaplasClipper, 1 x RaccoonStealer)
ssdeep 98304:YwAlnC81TjxgbkgZ4rKVK04Oe1JT5swyijedCPregYZhopGHmd1IThuz8LC:lknC81/g9Zrj4OUHxZregYuXXI6
Threatray 277 similar samples on MalwareBazaar
TLSH T14246236316415084D4F58C398A27FEA072F35EABCB42DC3F68DABDC624769A5F61B403
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon cc2b69ccec692bcc (2 x RecordBreaker, 1 x Arechclient2, 1 x LaplasClipper)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
1
# of downloads :
193
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
dcd32a06487c141d547a39047eb3738f.exe
Verdict:
Malicious activity
Analysis date:
2023-01-20 20:01:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f959c52f-ad5f-44da-a169-93d220ca42b4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/355120/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Creating a process from a recently created file
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/61855/overview
Behaviour
MalwareBazaar
Verdict:
No Threat
Threat level:
  2/10
Confidence:
80%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/63caf0a889bd67c10fd8e13c/reports/d1910d3f-9e51-4a0d-90f6-821c3e66b09b/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/968df39b-662b-43b2-b237-a5165e3649de
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1155793
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Query firmware table information (likely to detect VMs)
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9fa24d29a8644629194aae0dded04c6f0c4b4633e6efb3927c011826252e63dc/
Threat name:
Win32.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2023-01-20 08:26:30 UTC
File Type:
PE (Exe)
Extracted files:
24
AV detection:
13 of 26 (50.00%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=t6re2knimrdcsgkkvyg55ucmn4gewrrt43x3het4aemcmjjompoa._file
Verdict:
malicious
Label(s):
raccoon
Create hunting rule
Similar samples:
1e2900a2e5335d8e39efbe152f5b885c9a4a2e44361b85038e96c9eee3da8cbd
LaplasClipper
1e5c7dcfbe4a1e9da06229b4512229c463b0268832b9cb6cdb35a1153963be37
LaplasClipper
46ccb1e790326ab7cd362ca2206af51dce52592770d36dbeaa4d0446ac451f27
LaplasClipper
6fb65aaabd2d911fb31722cbd1d41399ded20e0e1dfef8907b7c9317727d398f
LaplasClipper
70b91f00ebfb662f6fb25a7fed46c0c4f905cd16dc9af28b10620783fe8e94af
LaplasClipper
ac3195f7ced04d5042e462ff8253575143d75b2a1cc7b446002574b6df304475
LaplasClipper
cba2a99e147d807ab2d61744de51dbc8b8205d09f1ca9b2dd472d1953b274c11
LaplasClipper
e6f1142d31761fb10385b5f535aeebc3e0deaf71bf231fe8bb6925eb25b41759
LaplasClipper
f5c67fe00b4cbee07d5e394c87f0c6224bbd841a92151d04841f584d56e58b0c
LaplasClipper
+ 267 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/230120-yks25sbe6x/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks computer location settings
Executes dropped EXE
Unpacked files
SH256 hash:
9fa24d29a8644629194aae0dded04c6f0c4b4633e6efb3927c011826252e63dc
MD5 hash:
dcd32a06487c141d547a39047eb3738f
SHA1 hash:
1a56435b9781403137b244486db0d04bf7ced47d
Link:
https://www.unpac.me/results/c147ad1c-0200-427f-982a-e2cc320297b2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.89
Link:
https://yomi.yoroi.company/submissions/9fa24d29a8644629194aae0dded04c6f0c4b4633e6efb3927c011826252e63dc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe 9fa24d29a8644629194aae0dded04c6f0c4b4633e6efb3927c011826252e63dc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2512360/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/355120/

Comments