MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d
SHA3-384 hash: 9b0d49f3fdb1eedd61930c4911a17a0c69efb8f01f0ea7b711ea3db31d360f44457af940cea4e60e215197d324aa2239
SHA1 hash: 98f106c66a189615e8c0b21e674c91f3d858cdc4
MD5 hash: e16a355aee8243229bc2eec7bda6e79b
humanhash: lithium-vermont-fillet-monkey
File name:e16a355aee8243229bc2eec7bda6e79b.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:5'843'456 bytes
First seen:2022-12-23 17:43:54 UTC
Last seen:2022-12-23 19:30:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 19f041dde2e6babdd4b55b8cfcf6b4bf (2 x LaplasClipper)
ssdeep 98304:tvw163r7GK04sp4BkAY43WiPBIHHyIWd36hth1Gd0GHeLhad/fdX+IrR:4IYX2BkAYwWiPBIHH6d04iAetUf9+q
Threatray 3 similar samples on MalwareBazaar
TLSH T1434612F96194339CC41AC9344533ED88B2F5191F1BDC85EAF5EBBAC07B6A810DA46F06
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
172
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e16a355aee8243229bc2eec7bda6e79b.exe
Verdict:
Malicious activity
Analysis date:
2022-12-23 17:46:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c74aeb87-c017-45eb-8fdd-9b7aca9c88ef

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Generic.ML.PUA.4192.12747.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Launching a process
Creating a process with a hidden window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed shell32.dll
Link:
https://www.filescan.io/uploads/63a5e8e4cdd311264932ff3e/reports/603f4bf5-d81c-42cc-bf08-65d0ece7ac7e/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/f543d4d2-b0aa-4148-a472-af1e9a0b855e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1140153
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 772886 Sample: 3BU6FVCozx.exe Startdate: 23/12/2022 Architecture: WINDOWS Score: 64 20 Multi AV Scanner detection for submitted file 2->20 22 Machine Learning detection for sample 2->22 24 PE file contains section with special chars 2->24 7 3BU6FVCozx.exe 5 2->7         started        10 edgeTaskUpdater.exe 1 2->10         started        process3 signatures4 26 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 7->26 28 Uses schtasks.exe or at.exe to add and modify task schedules 7->28 12 schtasks.exe 1 7->12         started        14 conhost.exe 7->14         started        16 conhost.exe 10->16         started        process5 process6 18 conhost.exe 12->18         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d/
Threat name:
Win64.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2022-12-23 16:23:26 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
9 of 26 (34.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xtfoxlw5b32g6ffyvrhcxvrmop3sfk5i42o5wmulh24xssnbsgoq._file
Verdict:
malicious
Similar samples:
70c5c7eabc6132a6f083ab2f820592b985aab4b11ac5e46f944586f0e725fea0
LaplasClipper
9bbd2fc484077da329ae3658122614fa1f9f9dfe9e3ebfb982a69d32fc55a66b
LaplasClipper
bb2ab6b864ce12a5df5b90ff291d5f1ef8fe2de529d986cf99ccc6272dd1e576
LaplasClipper
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221223-wa6jdaca8t/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Unpacked files
SH256 hash:
bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d
MD5 hash:
e16a355aee8243229bc2eec7bda6e79b
SHA1 hash:
98f106c66a189615e8c0b21e674c91f3d858cdc4
Link:
https://www.unpac.me/results/b1fbd42d-c869-46bd-8e84-cc440b073962/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/bccaebaedd0e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe bccaebaedd0ef46f14b8ac4e2bd62c73f722aba8e69ddb328b3eb97949a1919d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download

Comments