MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 5 File information Comments

SHA256 hash:	9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc
SHA3-384 hash:	608407c19c87724347598004e50d2f21ba7eb2357dc45a69599f0245d4bc5e46f20c3f928531ef5bb88bbbb43416f13c
SHA1 hash:	1a13456b5ca8fa23dc7fe4de4b940bef8b3aead1
MD5 hash:	af5734baf7389a2ea4f58eb7c947b805
humanhash:	utah-west-hawaii-neptune
File name:	file
Download:	download sample
File size:	253'952 bytes
First seen:	2026-01-22 00:00:46 UTC
Last seen:	2026-01-23 23:02:06 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	0bc790d86115172fa0bd2d854a03262b
ssdeep	3072:onRe+47+01Nze5hjqZIu5SVDPArJN1sa0AlxPkdaIB8hPNLo9rUc7b1HAzhay3:ono+47+sNzg2ZCpYVN1sQQ4MYcqFa
TLSH	T1D9447C15B6A80CFDE97B813CC9524906DB72BC560B61EACF07A04AD74F236E49E3E711
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	Bitsight
Tags:	dropped dropped-by-Stealc exe

Bitsight

url: http://196.251.107.61/ziobxq.exe

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

_9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc.exe

Verdict:

Malicious activity

Analysis date:

2026-01-22 00:02:53 UTC

Tags:

auto-reg crypto-regex

Link:

https://app.any.run/tasks/663c2251-e48e-4ad7-b243-a449d0f27868

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/49685/

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=697168bbbcad3327ec076fb3

Tags:

ransomware injection dropper

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

clipbanker clipper exploit fingerprint microsoft_visual_cc

Link:

https://www.filescan.io/uploads/697168b7abc6d3ca6debcaaa/reports/744fbb39-0a52-4a61-88ec-103ea65fefe2/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-01-21T21:08:00Z UTC

Last seen:

2026-01-22T12:54:00Z UTC

Hits:

~100

Detections:

Trojan-Banker.Win32.ClipBanker.sb Trojan.Win32.Reconyc.sb Trojan.Win32.Agent.sb HEUR:Trojan-Banker.Win32.ClipBanker.gen Trojan-Dropper.Win32.Dorifel.sbd PDM:Trojan.Win32.Generic

Link:

https://opentip.kaspersky.com/9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/24299d0b-de3b-44ae-90f4-599b853cd346

Score:

84%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/af5734baf7389a2ea4f58eb7c947b805

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc/

Verdict:

Malicious

Threat:

Trojan-Banker.Win32.ClipBanker

Link:

https://tip.neiki.dev/file/9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc

Threat name:

Win64.Infostealer.ClipBanker

Status:

Malicious

First seen:

2026-01-22 00:00:59 UTC

File Type:

PE+ (Exe)

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sumscndqoqnw77ypib7n6r2e4bkt7dv34ughfh5aqvauin7jxloa._file

Result

Malware family:

n/a

Score:

7/10

Tags:

persistence

Link:

https://tria.ge/reports/260122-aatnxsez6g/

Behaviour

Adds Run key to start application

Executes dropped EXE

Unpacked files

SH256 hash:

9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc

MD5 hash:

af5734baf7389a2ea4f58eb7c947b805

SHA1 hash:

1a13456b5ca8fa23dc7fe4de4b940bef8b3aead1

Link:

https://www.unpac.me/results/1a1da5b2-e356-4f62-afdb-8639858a1071/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_SUSPICIOUS_ReflectiveLoader Create hunting rule
Author:	ditekSHen
Description:	Detects Reflective DLL injection artifacts

Rule name:	ReflectiveLoader Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 9519213470741b6fff0f407edf4744e0553f8ebbe50c729fa085414437e9badc

(this sample)

Dropped by

StealC

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/49685/

URLhaus

https://urlhaus.abuse.ch/url/3761642/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample