MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ddf3e88009b31395bad6bdf11bd57e6b0f77d28ee29f2dda306c8a9147e45263. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ddf3e88009b31395bad6bdf11bd57e6b0f77d28ee29f2dda306c8a9147e45263
SHA3-384 hash: 90f852483c46ef537ee9f9b5f5afeb3f7e93706d0f54b75dcb806fe2865112801407ddc08a304114cf9387608457b203
SHA1 hash: 35e5d3c912e406cc6aaf3b25cb983641a7605b66
MD5 hash: 08e7e0da767d6c6a629627caad9f9a78
humanhash: lion-xray-pennsylvania-stream
File name:08e7e0da767d6c6a629627caad9f9a78.exe
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:5'666'816 bytes
First seen:2022-12-20 09:52:53 UTC
Last seen:2022-12-20 11:32:38 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 06034380a955222fd337fddcf511d417 (2 x LaplasClipper)
ssdeep 98304:tDfRit+1X5/S6mZid5Sm3jlhuhG2LGbQkVCdPnLIVKWqEFJSog:tD+mJ/SRZid5S7hTZkkIKWLZ
Threatray 36 similar samples on MalwareBazaar
TLSH T16A46239E26583368C01AC1385133ED55F2B6561F07E8DAEA77DEBE807BB6810D941F0E
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter abuse_ch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/348296/
Detection(s):
SecuriteInfo.com.Win64.Trojan-gen.25707.15965.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cbf7ca05-7e34-4ec4-ae9e-897a0bdf308f
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1137855
Signature
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 770583 Sample: Q3Xio281BI.exe Startdate: 20/12/2022 Architecture: WINDOWS Score: 88 23 clipper.guru 2->23 25 Snort IDS alert for network traffic 2->25 27 Multi AV Scanner detection for submitted file 2->27 29 Yara detected Laplas Clipper 2->29 31 2 other signatures 2->31 8 edgeTaskUpdater.exe 1 2->8         started        11 Q3Xio281BI.exe 5 2->11         started        signatures3 process4 signatures5 33 Writes to foreign memory regions 8->33 35 Allocates memory in foreign processes 8->35 37 Injects a PE file into a foreign processes 8->37 13 conhost.exe 8->13         started        15 AppLaunch.exe 8->15         started        39 Uses schtasks.exe or at.exe to add and modify task schedules 11->39 17 schtasks.exe 1 11->17         started        19 conhost.exe 11->19         started        process6 process7 21 conhost.exe 17->21         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ddf3e88009b31395bad6bdf11bd57e6b0f77d28ee29f2dda306c8a9147e45263/
Threat name:
Win64.Trojan.LaplaceCLipper
Create hunting rule
Status:
Malicious
First seen:
2022-12-20 02:24:50 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3xz6raajwmjzlowwxxyrxvl6nmhxpuuo4kps3wrqnsfjcr7ekjrq._file
Verdict:
malicious
Similar samples:
13d8b891a0f9c00af8c624a5bfd24f42d15fba3e19225d29b9af39cd9f8cea03
LaplasClipper
55466ebc5b9c9e17e47e2af745c118001c1163eaa9aa945760f90b2af3f8362c
LaplasClipper
8a9b5baa26e6f289b6c6b06c8c94bef37b39e8ff64701a0121a31e9f6123bfef
LaplasClipper
979633ef5386a4386d862a8643210676ec89394021b2513a69e5588ff5b49453
LaplasClipper
d6cde7214122a3c08f0a0c66673ae8c70188740d780cde1b5eb1f839d412a17f
LaplasClipper
f36a8b642ad4cbf276e83861df2328926ec3f899794036e30736e63a9d078185
LaplasClipper
+ 26 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221220-lwmnaacc9y/
Behaviour
Creates scheduled task(s)
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/8a3cbd0d-d6be-4a06-8e94-b09ee3087991
Unpacked files
SH256 hash:
ddf3e88009b31395bad6bdf11bd57e6b0f77d28ee29f2dda306c8a9147e45263
MD5 hash:
08e7e0da767d6c6a629627caad9f9a78
SHA1 hash:
35e5d3c912e406cc6aaf3b25cb983641a7605b66
Link:
https://www.unpac.me/results/bfe11d0c-5157-4c97-835e-37b04c809b29/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/ddf3e88009b3/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ddf3e88009b31395bad6bdf11bd57e6b0f77d28ee29f2dda306c8a9147e45263

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe ddf3e88009b31395bad6bdf11bd57e6b0f77d28ee29f2dda306c8a9147e45263

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2469977/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/348296/

Comments