MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LaplasClipper


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f
SHA3-384 hash: 7f7257809265cc147ae43f3b14e8fb0d8625a32841df5defe09bcddebb7e8bcde0847e0097f5d2757f702617a18ab8b9
SHA1 hash: 6542f8dc32c2b9717fd86620d128374707684703
MD5 hash: b26ce1da1b2953dccfc65325a82919ff
humanhash: missouri-lithium-ten-sixteen
File name:file
Download: download sample
Signature LaplasClipper
Create hunting rule
File size:11'472'896 bytes
First seen:2023-02-14 19:19:03 UTC
Last seen:2023-02-20 12:41:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 51ebb3e5684d1e1d0860210d15fcb59e (1 x LaplasClipper)
ssdeep 196608:zEW2wcCfFpmOU443b1rBemWT2P93ME7ojQ7msMC/oypacAurqCK9wOcmLRhFV8B5:wX1DjVMoojQdMjypx09wOcmLRV8pYpET
Threatray 259 similar samples on MalwareBazaar
TLSH T10DC6332233109049F8E4C8759A36FE6278F3353D4EB4CABB25D7B9CFF4615A6B102952
TrID 42.7% (.EXE) Win32 Executable (generic) (4505/5/1)
19.2% (.EXE) OS/2 Executable (generic) (2029/13)
19.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.9% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon f4dcc4d4fcd4d8f0 (1 x LaplasClipper)
Reporter jstrosch
Tags:exe LaplasClipper

Intelligence

File Origin
# of uploads :
2
# of downloads :
230
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-02-14 19:23:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e49bb6d0-280d-473d-a115-8db67486bd50

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/366045/
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/69856/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed virus
Link:
https://www.filescan.io/uploads/63ebdeab19bdad8346374f73/reports/34239e96-6737-4d51-ba1b-04aed52ada72/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f
Result
Verdict:
MALICIOUS
Malware family:
Titan Stealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/15c24af8-8345-40bb-ac9a-9a122e86d973
Result
Threat name:
Laplas Clipper
Create hunting rule
Detection:
malicious
Classification:
spyw.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1174780
Signature
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Tries to detect virtualization through RDTSC time measurements
Tries to evade analysis by execution special instruction (VM detection)
Yara detected Laplas Clipper
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f/
Threat name:
Win32.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2023-02-02 20:28:00 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7lovpp7pt7snlj2lyss2eptsdddtsdl3dfkmbx7nrxzov2q7nmxq._file
Verdict:
malicious
Similar samples:
1177672bb473887c546d06186df9b67db3abf021768f3eacee66cdc10fd3c095
LaplasClipper
291003d022e462dc6ece1e0d6cf6a636520060358683596b71623f1c71a539c3
LaplasClipper
6a7e7099c98caacce2b7cb3e43f6bb88bb57e589f4c8541ae911067d4313680c
LaplasClipper
712c853955c56e27e3e4538978fa89018cdc5e5f56944ea0da2fc1a672adc73c
LaplasClipper
77570db1195a42024717d6223e0c55bc77e0246080b2fa7de24eac97391cdeda
LaplasClipper
82d011953a7743aef8d380c46177a5c9c9c56e0d9408f47a11eb7443be912e51
LaplasClipper
b06c5fb7651b8a6c683b62babcabd18da4d992f7d1e0f963c530832b18feacf4
LaplasClipper
ec50003de83269b82d86c2a2e4e44e6df77cc3aa7d3b967124b44cb47279c262
LaplasClipper
ede10b0831b70e13402d1210000353719d5164bc5480f0ff45de0e9e8cfa3498
LaplasClipper
f896fb8727bf4875b091c1e1f8c20c861e8887a751ebc9922d65e8750c4ed2a8
LaplasClipper
+ 249 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230214-x1hqnseh9t/
Behaviour
GoLang User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Unpacked files
SH256 hash:
fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f
MD5 hash:
b26ce1da1b2953dccfc65325a82919ff
SHA1 hash:
6542f8dc32c2b9717fd86620d128374707684703
Link:
https://www.unpac.me/results/12bc160c-7fce-4ebd-b073-2dbf007415d5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LaplasClipper

Executable exe fadd57bfef9fe4d5a74bc4a5a23e7218c7390d7b1954c0dfed8df2eaea1f6b2f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/366045/

Comments