MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886
SHA3-384 hash: 341c46f876c7502e2f22d0941e306b40d590b90a4630b9df2d27639429a91e5359a87d117f5b0e0ccb4b4ec4ce1bb361
SHA1 hash: f12acf3c9d123277961ab11c57ac480f74440e05
MD5 hash: bdc248b7ad0e4e28d30ecbd476a8e944
humanhash: bacon-bulldog-romeo-wyoming
File name:dump.bin
Download: download sample
File size:233'472 bytes
First seen:2026-03-09 08:18:12 UTC
Last seen:2026-03-09 09:41:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 7c443e2d238a0838878ab4cae0571492
ssdeep 3072:N8h1DnnA4tDw/sliLbjlJ6Bd4MD2vUQz+K1fKiKjX6mNasZ74mGhzfx7:NS1DB+ZbjlYT1cUQz+yfKVOYZqf
TLSH T19A348C0676A558F9ED77813D89528A0AEA737C450321EAFF03E043626F536D09F3EB52
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter DuyJoseph
Tags:ClipBanker exe


Avatar
DuyJoseph
Initial Access ps1 script: http://45.156.87.17/reg

Intelligence

File Origin
# of uploads :
2
# of downloads :
130
Origin country :
VN VN
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
dump.bin
Verdict:
No threats detected
Analysis date:
2026-03-09 08:20:10 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/aa0d4c71-5cb9-4edd-aacc-cd779dc65ae0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/56736/
Detection(s):
SecuriteInfo.com.Trojan.ClipSpy.122.11882.31265.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ae824ae5dc8e2b2c316bcc
Tags:
virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm base64 clipbanker crypt fingerprint masquerade microsoft_visual_cc unsafe
Link:
https://www.filescan.io/uploads/69ae824691ad9169e537f8cc/reports/26cb0036-d775-4b80-a60c-922f4f969aa7/overview
Verdict:
Malicious
Labled as:
Midie.Generic
Link:
https://www.hybrid-analysis.com/sample/87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-02-11T12:06:00Z UTC
Last seen:
2026-02-11T14:16:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/3ca46b79-e8c4-439c-9103-6db7628554e9
Score:
91%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/bdc248b7ad0e4e28d30ecbd476a8e944
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886/
Threat name:
Win64.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2026-02-22 17:20:36 UTC
File Type:
PE+ (Exe)
AV detection:
22 of 36 (61.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=q43bxiv3iew46spyoohtxc43pxglkv5nfz3ovdmy76s3bgfohcda._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260309-j7dhmsbx6m/
Unpacked files
SH256 hash:
87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886
MD5 hash:
bdc248b7ad0e4e28d30ecbd476a8e944
SHA1 hash:
f12acf3c9d123277961ab11c57ac480f74440e05
Link:
https://www.unpac.me/results/703182e5-7e2e-417f-a9de-95f76bed1df0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PowerShell (PS) ps1 b1246e4b3421acdca8b1596c6e5455f555b5b87bcff9895f2eba5164367921e8

PowerShell (PS) ps1 dd893628d2aa25e542b26e521ced905a75736e4560631e08e1b77673a4691ed8

Executable exe 87361ba2bb412dcf49f8738f3b8b9b7dccb557ad2e76ea8d98ffa5b098ae3886

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/56736/
  
Dropped by
SHA256 dd893628d2aa25e542b26e521ced905a75736e4560631e08e1b77673a4691ed8
  
Dropped by
MD5 820ab37ae3c587308dd42232f877b2a3

Comments