MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mimic

Vendor detections: 17

SHA256 hash: 518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742
SHA3-384 hash: 7b72726e6d1efe49ec037a81451d5fa59b5efbc88b4a16dfe7c8b53ed68294a9fad9ce57de845e78a8d63442bb3e244d
SHA1 hash: 6cc78e66e44a28b1b6bb7e77eec22066c545cd2f
MD5 hash: e1af0acbebcaa1ceaaea9829c144954f
humanhash: florida-mirror-crazy-muppet
File name: SecuriteInfo.com.PowerShell.Dropper.54.24226.7311
Signature: Mimic
File size: 5'315'024 bytes
First seen: 2025-08-22 14:19:10 UTC
Last seen: 2025-08-22 15:20:29 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6baa5eaa8231d4fe8e922a2e6d240ea (samples in MalwareBazaar sharing this imphash: 66 x CoinMiner, 22 x DCRat, 15 x LummaStealer; the import hash is therefore not family-specific and should not be used on its own for attribution)
ssdeep: 98304:mgwR1votgthvz1t+8VbgzDdIsAAhOGricuXC16hRDecL7Td9nN1Z36ViB:mgSu+httOzDusAieM8Z1l3qVO
TLSH: T111363390B7825CB0FB9872706AB5A97F5EADB6E407D017DB731C0D1906111E08BFA2ED
TrID:
  38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
  11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
  4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
dhash icon: 34f0c4c2d2c4c4d4 (samples in MalwareBazaar with this icon: 1 x Mimic)
Reporter: SecuriteInfoCom
Tags: exe Mimic
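Before relying on a downloaded copy of this sample, confirm that it really is the file this entry describes. The script below is an added example (not MalwareBazaar's own tooling): it reads the file once, feeds the same stream to all four algorithms listed above, and compares the results with the entry. The expected digests are copied from the entry; the file path is whatever the caller supplies, and the sample bytes themselves are not embedded.

```python
"""Verify a downloaded copy of this sample against the hashes in the entry.

Added example, not MalwareBazaar's own tooling. EXPECTED is copied from the
entry above; the file to check is supplied by the caller (the sample bytes
are not embedded here).
"""
import hashlib
import sys
from typing import Dict, Iterable, Iterator

# Values as listed in the database entry for this sample.
EXPECTED: Dict[str, str] = {
    "sha256": "518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742",
    "sha3_384": "7b72726e6d1efe49ec037a81451d5fa59b5efbc88b4a16dfe7c8b53ed68294a9fad9ce57de845e78a8d63442bb3e244d",
    "sha1": "6cc78e66e44a28b1b6bb7e77eec22066c545cd2f",
    "md5": "e1af0acbebcaa1ceaaea9829c144954f",
}


def compute_hashes(chunks: Iterable[bytes],
                   algorithms: Iterable[str] = ("sha256", "sha3_384", "sha1", "md5")) -> Dict[str, str]:
    """Read the input once and feed every requested hashlib algorithm from the same stream."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def iter_file(path: str, chunk_size: int = 1 << 20) -> Iterator[bytes]:
    """Yield a file in 1 MiB chunks so a multi-MB sample is not read into memory at once."""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            yield chunk


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; hex digests are compared case-insensitively."""
    return {name: actual[name].lower() == digest.strip().lower()
            for name, digest in expected.items() if name in actual}


def verify_bytes(data: bytes, expected: Dict[str, str] = EXPECTED) -> Dict[str, bool]:
    """Check an in-memory blob (useful for files pulled out of an archive)."""
    return verify(compute_hashes([data], expected.keys()), expected)


def verify_file(path: str, expected: Dict[str, str] = EXPECTED) -> Dict[str, bool]:
    """Check a file on disk against the entry's digests."""
    return verify(compute_hashes(iter_file(path), expected.keys()), expected)


if __name__ == "__main__":
    results = verify_file(sys.argv[1])
    for name, ok in results.items():
        print(f"{name:8s} {'OK' if ok else 'MISMATCH'}")
    # Any mismatch means you are not holding the file this entry describes.
    sys.exit(0 if all(results.values()) else 1)
```

Run it with the path of the downloaded file as the only argument; the exit status is non-zero on any mismatch. SHA256 is the value to trust; MD5 and SHA1 are kept only because the entry lists them and other vendors' reports are often keyed on them.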

Intelligence

File Origin
# of uploads: 2
# of downloads: 51
Origin country: FR

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: SecuriteInfo.com.PowerShell.Dropper.54.24226.7311
Verdict: Malicious activity
Analysis date: 2025-08-22 14:22:19 UTC
Tags: auto-reg mimic ransomware everything tool auto generic themida

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.

Verdict: Malicious
Score: 93.3%
Tags: shell virus sage

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Launching a process
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Creating a file in the Program Files subdirectories
Launching cmd.exe command interpreter
Creating a service
Launching a service
Creating synchronization primitives
Creating a file
Moving a recently created file
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for analyzing tools
Searching for the window
Adding an access-denied ACE
Forced system process termination
Enabling autorun for a service
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun with the shell\open\command registry branches
Forced shutdown of a system process
Changing the Windows explorer settings
Enabling autorun
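Several of the behaviours listed above are persistence mechanisms that leave a registry footprint: an entry under Software\Microsoft\Windows\CurrentVersion\Run, a replaced shell\open\command handler, and a service set to start automatically. The script below is an added example (not MalwareBazaar's or any sandbox vendor's code) that triages those locations from a `reg export` text dump, flagging commands that launch from a temp directory or that replace the default exefile handler. The .reg content, the user name and the file paths in it are constructed for illustration and are not indicators from this sample.

```python
"""Triage autorun registry locations from a .reg export.

Added example; the REG_TEXT below is constructed and is not data from the
sample on this page. Only REG_SZ values are parsed: REG_EXPAND_SZ values
export as hex(2):... and are skipped by this minimal parser.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed export: a benign Run entry, a Run entry launching from %TEMP%, a
# hijacked exefile handler, a benign txtfile handler and a service whose
# ImagePath points into %TEMP%. Names and paths are illustrative only.
REG_TEXT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="\"C:\\Users\\alice\\AppData\\Local\\Temp\\7ZipSfx.000\\payload.exe\""

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Users\\alice\\AppData\\Local\\Temp\\7ZipSfx.000\\payload.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\\system32\\NOTEPAD.EXE %1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UpdaterSvc]
"ImagePath"="\"C:\\Users\\alice\\AppData\\Local\\Temp\\7ZipSfx.000\\payload.exe\" -svc"
"Start"=dword:00000002
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(?:Run|RunOnce)$", re.I)
SHELL_OPEN_RE = re.compile(r"\\shell\\open\\command$", re.I)
SERVICE_KEY_RE = re.compile(r"\\CurrentControlSet\\Services\\[^\\]+$", re.I)
TEMP_PATH_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Windows\\Temp)\\", re.I)


def unescape(s: str) -> str:
    """Undo .reg escaping: \\ -> \ and \" -> " inside a quoted string."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value name, string data) for every REG_SZ value in the export."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line) if key else None
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        if not (data.startswith('"') and data.endswith('"')):
            continue  # dword:, hex:, hex(2): values are not handled here
        name = "(Default)" if name == "@" else unescape(name[1:-1])
        entries.append((key, name, unescape(data[1:-1])))
    return entries


def first_executable(command: str) -> str:
    """The program a command line launches: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


@dataclass
class Finding:
    key: str
    name: str
    command: str
    reason: str


def triage(entries: List[Tuple[str, str, str]]) -> List[Finding]:
    """Flag autorun locations whose target is suspicious for the key they live in."""
    findings = []
    for key, name, data in entries:
        exe = first_executable(data)
        in_temp = bool(TEMP_PATH_RE.search(exe))
        if RUN_KEY_RE.search(key) and in_temp:
            findings.append(Finding(key, name, data, "Run-key autorun launches from a temp directory"))
        elif SHELL_OPEN_RE.search(key) and name == "(Default)":
            # The stock exefile handler is "%1" %*; anything else proxies every .exe launch.
            if exe != "%1" and (in_temp or "\\exefile\\" in key.lower()):
                findings.append(Finding(key, name, data, "shell\\open\\command handler replaced by " + exe))
        elif SERVICE_KEY_RE.search(key) and name.lower() == "imagepath" and in_temp:
            findings.append(Finding(key, name, data, "service binary lives in a temp directory"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_reg(REG_TEXT)):
        print(f"[{f.reason}] {f.key} :: {f.name} = {f.command}")
```

On a live host, `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` (and the corresponding HKLM, HKCR and Services keys) produces the input format; the exefile check is deliberately strict because a handler that is anything other than "%1" %* runs before every executable the user opens.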
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: adaptive-context fingerprint installer keylogger masquerade microsoft_visual_cc obfuscated overlay packed packer_detected

Verdict: Malicious
File Type: exe x32
First seen: 2025-08-22T11:33:00Z UTC
Last seen: 2025-08-22T11:33:00Z UTC
Hits: ~10
Detections: Trojan-Ransom.Win32.Agent.sb, Trojan.Win32.Agent.sb, Trojan.PowerShell.Cobalt.sb, HEUR:Trojan-Ransom.Win32.Generic, HEUR:HackTool.Win64.NoDefender.a, BSS:HackTool.Win32.Yzon.a, Trojan-Ransom.Win32.Mimic.sb

Verdict: Malware
YARA: 5 match(es)
Tags: DeObfuscated Executable PE (Portable Executable) PE File Layout PowerShell SFX 7z Win 32 Exe x86

Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2025-08-22 14:20:59 UTC
File Type: PE (Exe)
Extracted files: 14
AV detection: 17 of 24 (70.83%)
Threat level: 5/5

Verdict: suspicious
Label(s): elpaco-team
Similar samples:

Result
Malware family: n/a
Score: 8/10
Tags: defense_evasion discovery execution upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Modifies trusted root certificate store through registry
Unpacked files
SHA256 hash: 518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742 (the sample itself)
MD5 hash: e1af0acbebcaa1ceaaea9829c144954f
SHA1 hash: 6cc78e66e44a28b1b6bb7e77eec22066c545cd2f

SHA256 hash: bd547a2be4ff8f0445b611ca394a7aea686c0b13de6271f2054db6bd75139d13
MD5 hash: e2f1df08509588c616241dbc62d1a6d2
SHA1 hash: 82019cdce4bb5de31b30231525d4e18546174945

SHA256 hash: 9c332c575c84d12a8f4d7022fdd43e8a00ad80c518e1cc27e875fc8285e6b583
MD5 hash: ac46620e176bb1eae3f86ae237f861e6
SHA1 hash: f32a3263755a55c848a4c89eac3bcd171c37f366
Detections: INDICATOR_EXE_Packed_Themida

SHA256 hash: 2761b79387dd525c24ff87970d4355baaa7f6a0d149b3d65c2c32c48edbd1df1
MD5 hash: feb1dbedf28cb7755d473b3cf269631f
SHA1 hash: 9defaf827c197aa4eacbdc6adae73f7a62546f4f

SHA256 hash: f712a033ef877170d0587a0a8e782c59334a842c95626e513b2290fc091fa84b
MD5 hash: 5f0126dad7a9ab4e04e673d4c3058ec8
SHA1 hash: 4a67f178b6901001ca26ab813a8c512f10a18ff0

SHA256 hash: b6301160d2cceb9df1bb2d0548d65c31ecc38b694fa5efe67899935f19870fce
MD5 hash: 46857dedd8ea45006ec3ebff24739f8b
SHA1 hash: 47bd7d9f2eb13d178327769b964043887258390e

SHA256 hash: f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c
MD5 hash: 52b7073101ce2f83c85ed698f1ee0445
SHA1 hash: cd2f016c79de7d4bf20d1366cc9483b610b4ffc2

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name: observer
Author: Michelle Khalil
Description: This rule detects unpacked observer malware samples.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Mimic
File: Executable exe 518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742 (this sample)
