MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 14


Intelligence 14 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13
SHA3-384 hash: 7ad42abbac45e1713a6cccd675837dea46c4837ab60bf8086946683505ee5ed259b620be6f4d0133d05d486349ce7b76
SHA1 hash: c0940288008b310b6ec52bbf91c428d5d4e06058
MD5 hash: b9330ad7159273ca7c784c9ca3cc9d6d
humanhash: zebra-timing-steak-kilo
File name:77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13
Download: download sample
File size:340'992 bytes
First seen:2026-06-08 09:34:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d04feef9f2f0dd0a18187fe3826aaf2a (3 x Stealc, 1 x ClipBanker)
ssdeep 6144:T6YaTDvpL7IF/Kz8plA4omkla3VbwXDhAYSzf5U:TCIvplsvla3VENABzfG
Threatray 87 similar samples on MalwareBazaar
TLSH T1A5745B45B6A40CFDE967827CC9A34A06D7B2B8560770EBCF03A046965F277D09E3E721
TrID 33.1% (.EXE) Win64 Executable (generic) (6522/11/2)
25.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.4% (.ICL) Windows Icons Library (generic) (2059/9)
10.3% (.EXE) OS/2 Executable (generic) (2029/13)
10.1% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter adrian__luca
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
45
Origin country :
HU HU
Vendor Threat Intelligence
Malware configuration found for:
Diamotrix
Details
Link:
https://research.acce.ciphertechsolutions.com/results/5cf3da51-a203-4a1b-adc3-318aa2676ad5/
Malware family:
amadey
Create hunting rule
ID:
1
File name:
x12e2a6c158525bc7592f96377235dfa9fd133f97eb00d9116ffac60aed7194dd.exe
Verdict:
Malicious activity
Analysis date:
2026-05-11 14:47:49 UTC
Tags:
stealc stealer payload auto-reg amadey botnet auto-sch auto generic arch-doc
Link:
https://app.any.run/tasks/1dd532cc-11cd-4a1f-9930-9939ab0f93c4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69831/
Detection(s):
Win.Keylogger.Clipbanker-10059291-0
Create hunting rule

Win.Trojan.Lazy-10059292-0
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a268dbbae2f98c00a68c91a
Tags:
emotet cobalt
Result
Verdict:
Malware
Maliciousness:

Behaviour
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm clipbanker exploit explorer keylogger lolbin microsoft_visual_cc mikey similar-threat
Link:
https://www.filescan.io/uploads/6a268d351f652d68656dbf37/reports/23a60394-fba7-4cbc-8528-f9920db6049f/overview
Verdict:
Malicious
Labled as:
Mikey.Generic
Link:
https://www.hybrid-analysis.com/sample/77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-05-10T14:44:00Z UTC
Last seen:
2026-05-31T20:05:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13/results?tab=lookup
Malware family:
NewPosThings
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/36ecc568-5cf4-4fa5-a374-202fb8d42e6f
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13/
Threat name:
Win64.Trojan.Mikey
Create hunting rule
Status:
Malicious
First seen:
2026-05-10 18:06:43 UTC
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o7rskphs7m2e4d6ds6rw7khze3dgpcy2xxm2ciixukrudkta74jq._file
Verdict:
malicious
Label(s):
unc_clipper_003
Create hunting rule
Similar samples:
105987492bef48ec9dce03ad6ada29ce8d3b71622cd8110e75f6aa6d55f24538
11e8084e7792e38c432e041b5b0e4341cbd21c97e050ab2739e77e7fe30d0d1b
1be5d7ecc54005badf1cc4bd6503bd8771e74fb2ad5cf6de3f690316224e2f21
1c397ada0d892653faac5489a6dbd187093efabd50953a90f60e85260e17fe5f
203858a2a480b9efc8e97209a38731941d985960eaa9fcf6045bb972f34b0761
77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13
ea05197e0c3bfb7ca461146bcfba417834b97a96d2a24397d745fe0f487e5d59
error
+ 77 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/260608-llymssbv8k/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Adds Run key to start application
Unpacked files
SH256 hash:
77e3253cf2fb344e0fc397a36fa8f926c6678b1abdd9a12117a2a341aa60ff13
MD5 hash:
b9330ad7159273ca7c784c9ca3cc9d6d
SHA1 hash:
c0940288008b310b6ec52bbf91c428d5d4e06058
Link:
https://www.unpac.me/results/548fe760-6c01-4e12-9e43-affb10506e74/
SH256 hash:
390335e2d3369805b8fc54b8783419beb6c470496d07bd4ac4bd3527172e4d70
MD5 hash:
d327edaa5292807913d4b565b40f6bcc
SHA1 hash:
c2649645adf7bfd5a4f4fcbff7932e18b79b6964
Link:
https://www.unpac.me/results/548fe760-6c01-4e12-9e43-affb10506e74/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/77e3253cf2fb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:INDICATOR_SUSPICIOUS_ReflectiveLoader
Create hunting rule
Author:ditekSHen
Description:Detects Reflective DLL injection artifacts
Rule name:ReflectiveLoader
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/69831/

Comments