MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199
SHA3-384 hash:	a08ddcf71a3997a4913d131fb8615280eed4ad532a1223ab85eab00edf6314200611ddecf78b9340feae8dc5f79d0085
SHA1 hash:	cb7ac5e5e329336f1c4ac70918d4c11040745c82
MD5 hash:	2eb933d559c31066afbc930757b884a7
humanhash:	massachusetts-zebra-dakota-zulu
File name:	SecuriteInfo.com.PowerShell.Dropper.54.16770.29263
Download:	download sample
File size:	2'347'965 bytes
First seen:	2025-12-29 10:20:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f6baa5eaa8231d4fe8e922a2e6d240ea (66 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep	49152:xgwRWCatzqbMLZRRmz4RC8QvCI9BsNapVi4BMY82IrE3rz2oSeYL:xgwR2qbMrRG4RCfvCI9BsuVi4WDrazOL
Threatray	1'154 similar samples on MalwareBazaar
TLSH	T192B533017BF884F1E2AC2C7851A126A296B9ADA2073641D3D7513DC295B32F0E73F7D9
TrID	38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.6% (.EXE) Win64 Executable (generic) (10522/11/4) 11.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 10.5% (.EXE) Win32 Executable (generic) (4504/4/1) 4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
dhash icon	68e0c0c4c4c4c4d8 (2 x Mimic, 1 x SalatStealer)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

161

Origin country :

FR

Vendor Threat Intelligence

ACCE 7zip_SFX

Malware configuration found for:

Archives

Details

Archives

an extracted 7-zip archive from the overlay data and SFX commands

Archives

extracted archive contents

Link:

https://research.acce.ciphertechsolutions.com/results/5724ac11-8702-449a-8979-d09331759638/

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.PowerShell.Dropper.54.16770.29263

Verdict:

Malicious activity

Analysis date:

2025-12-29 11:07:42 UTC

Tags:

everything tool auto-reg auto generic smb ransomware

Link:

https://app.any.run/tasks/2de1fe42-519b-453a-858b-3c003a5bdf8c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/46466/

ClamAV Detected

Detection(s):

SecuriteInfo.com.PowerShell.Dropper.54.16770.29263.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6952561c7468b4bd1c8e9bf4

Tags:

shell virus sage

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

adaptive-context fingerprint installer installer installer-heuristic keylogger masquerade microsoft_visual_cc obfuscated overlay overlay ransomware

Link:

https://www.filescan.io/uploads/695256192fb7bb52ca80cc36/reports/86684cc1-aaee-4715-95e4-7cec92684b6d/overview

Hybrid Analysis Win/malicious_confidence_60%

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-12-29T07:24:00Z UTC

Last seen:

2025-12-31T06:23:00Z UTC

Hits:

~10

Detections:

Trojan-Ransom.Win32.Mimic.sb Trojan-Ransom.Win32.Encoder.sb Trojan-Ransom.Win32.Agent.sb Trojan.PowerShell.Kriptik.sba PDM:Trojan.Win32.Generic BSS:HackTool.Win32.Yzon.a Trojan.Win32.Agent.sb Trojan.PowerShell.Cobalt.sb HEUR:Trojan-Ransom.Win32.Generic HEUR:HackTool.Win64.NoDefender.a

Link:

https://opentip.kaspersky.com/3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199/results?tab=lookup

Intezer Mimic Ransomware

Malware family:

Mimic Ransomware

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9a7c1a85-7b5f-422c-ad20-a085b9cd2668

Nucleon Malprob Susipicious

Score:

54%

Verdict:

Susipicious

File Type:

PE

Link:

https://malprob.io/report/3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199

Malva.RE Malware

Verdict:

Malware

YARA:

5 match(es)

Tags:

DeObfuscated Executable PE (Portable Executable) PE File Layout PowerShell SFX 7z Win 32 Exe x86

Link:

https://app.malva.re/file/2eb933d559c31066afbc930757b884a7

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199/

Neiki Trojan-Ransom.Win32.Kriptik

Verdict:

Malicious

Threat:

Trojan-Ransom.Win32.Kriptik

Link:

https://tip.neiki.dev/file/3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199

ReversingLabs TitaniumCloud Win32.Ransomware.Pay2Key

Threat name:

Win32.Ransomware.Pay2Key

Alert

Create hunting rule

Status:

Suspicious

First seen:

2025-12-29 10:21:16 UTC

File Type:

PE (Exe)

Extracted files:

14

AV detection:

13 of 24 (54.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=htjmugsfvfttgju5ma4x3bfukhslj4fx67g4hqksx6pirw3xggmq._file

Threatray hacktool_defendernot

Verdict:

malicious

Label(s):

hacktool_defendernot

Alert

Create hunting rule

Similar samples:

0ff90e51f04083e8bb34bb7a414a9b28a5e0264e152ac086e64b548e5a771956

821bbbfb7c8f4b3eaae16abd0dd1a868c7d39225f56b62013b1a563316460349

c2c68123486badda33b199b00beb3c098a067469593a371fdd54f2b6a2b03814

dd997344dce3d994e5699152d72ac88184929de709b0a9426f8570c8225627fb

error

fce5f95d9a8d8a4003af3fd63365d5f3a7746536d054d290534674fa8ef4b844

+ 1'144 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

discovery execution upx

Link:

https://tria.ge/reports/251229-mdrd7aylgv/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

UPX packed file

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Executes dropped EXE

Threat.Zone Malicious

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/e913f404-22f9-4e08-91bc-f1a3e5c91017

UnpacMe INDICATOR_SUSPICIOUS_GENRansomware INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM INDICATOR_SUSPICIOUS_ClearWinLogs INDICATOR_SUSPICIOUS_USNDeleteJournal

Unpacked files

SH256 hash:

3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199

MD5 hash:

2eb933d559c31066afbc930757b884a7

SHA1 hash:

cb7ac5e5e329336f1c4ac70918d4c11040745c82

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

e37aa72bca3cecb9bdbe51cbd81ec1143bb17163088a1379a4ccb93f5d881e76

MD5 hash:

5cac4fe734fc8454ccb847e030beee38

SHA1 hash:

34298fe220e35f614b2c837cf1dc2604ab0882d6

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

ad80064f71d273967dcf0b14b9cd6e84d79a132231d619687d9266c7807bdfe0

MD5 hash:

a35ee23aaab26afc575ac83df9572b57

SHA1 hash:

81ea38c694ce9702faddfb961f17c1bbf628a76d

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

00b9c0120df0595184523a3620ef9b3c3e11fc0e61d366d7eeabb646647cfceb

MD5 hash:

bd1f243ee2140f2f6118a7754ea02a63

SHA1 hash:

cdf7dd7dd1771edcc473037af80afd7e449e30d9

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

0377585ec50ed2e1b3d8519be272599f31024accd20b484ddae8240e09cc83b4

MD5 hash:

13d3997b43c3d5cbafb0ff10b6f0dee1

SHA1 hash:

e650a76f3fa8d28e2ff3751ccf44d124ef2b82bd

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

31ff14caa84eb19b43e60c9f0166e2db823b639cbef6bb8ecceb6bb3fb33ef33

MD5 hash:

26bf8c415d208bc2d1286821d8fbb66b

SHA1 hash:

4241fea673391b6f04239ec19c4d907d379cc35e

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

fabe67d8afe3c1b68843fddf1ee082e8d7616472c7a9a7dbeebbe0f2f28cbb10

MD5 hash:

93a44df99ac8e2849e953704cfa46e94

SHA1 hash:

5e16df7a1a90bae13645a3ec23818be64a9b4905

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

34e825f579aebdd847cda9a15eba02c84e570ba9b8fd74285d0a83b82dbd6610

MD5 hash:

17870cb962216c9822c224bafe8429c3

SHA1 hash:

2969bb678cf85514cf8edee1d873139fc3d0c72e

Detections:

INDICATOR_SUSPICIOUS_GENRansomware

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_ClearWinLogs

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_USNDeleteJournal

Alert

Create hunting rule

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

e84589d33771a0ab3d64f1b12381d436c3453dac3141626b3a8dfcb8db3056ff

MD5 hash:

2e69bf16d84935b3f57244c14c03839a

SHA1 hash:

06553d6b59017ea580e15455b3a196fbebf297f7

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

3481abf5c89eed4830cb2d8192c4da357b17866dd9e351898db68d814401cc83

MD5 hash:

510827aa18fb2e577aadc14039139984

SHA1 hash:

1ee826e2213aff3e87b042c347f94673d4a3fba9

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

374ea77e9e8a1b6081bda8fb7728861f947cf9e543ae23c54e39cddd7b8f49c3

MD5 hash:

fef2ff6b172fd75582a80ea59be5f71a

SHA1 hash:

58036494383491f870c83ccdeddc4fa3fc845f88

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c

MD5 hash:

52b7073101ce2f83c85ed698f1ee0445

SHA1 hash:

cd2f016c79de7d4bf20d1366cc9483b610b4ffc2

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

49f23f83807913b84917cfdb800ac04d905fdc844f4b41b6aaf894506864355b

MD5 hash:

0faecd43382ab6f35d8b2be61939377e

SHA1 hash:

c6295657d52bc5dc16fa2542be23dac7948fa400

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

40868479f0df49de5ae66ff2e3f93eb81c1f7b8e1b3f67bfb5b32594367012b8

MD5 hash:

b886249584d7a1ebf40da981bbba4ec2

SHA1 hash:

df03b7b2a9e7cc4b524a523e1a3889c078ba3988

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

SH256 hash:

e48661fe1583f74fdd75b73f1beaa91add5f63554fad11582161db166e1f2081

MD5 hash:

1849a3deab2a286a2f2be7586309da14

SHA1 hash:

5c5a706d6e71f5b1b520beb10e9bc52e66d2f75a

Link:

https://www.unpac.me/results/2e7a8d27-df3f-4f63-b254-10a18bd325c6/

VMRay Mimic

Malware family:

Mimic

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/3cd2ca1a45a9/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/46466/