MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b2a630e6d367fb9d1fe122c6dbc3859c65bde3e2a2a6be653a23d364911f1fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mimic


Vendor detections: 17



SHA256 hash: 9b2a630e6d367fb9d1fe122c6dbc3859c65bde3e2a2a6be653a23d364911f1fa
SHA3-384 hash: 64966e105a221d4f04c8b014fcc6460804bdadea0ef47a19fa9b623c59959c7bcbf88b3df91fd3ecc3e32b2f8087b552
SHA1 hash: da5bb7118fad2cb3cd67510acb5ea9b71ae473c3
MD5 hash: 7fbca6b3634d3cf57195606526e27b46
humanhash: failed-october-virginia-oven
File name: file
Signature: Mimic
File size: 2'342'266 bytes
First seen: 2026-01-15 16:23:06 UTC
Last seen: 2026-01-15 17:36:27 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6baa5eaa8231d4fe8e922a2e6d240ea (61 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep: 49152:IgwR4njORGEqBKfI18DXc5WDAky+AKkw0QOfat9OojItG:IgwR4nB/HCDIWDRYKkdQOu9QtG
Threatray: 22 similar samples on MalwareBazaar
TLSH: T1E4B53382BBE1CDB8F6C211361545B5A12ADDF2B01FC049CF6B5C06055BB1AE4CAFA39D
TrID:
38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
Reporter: Bitsight
Tags: c dropped-by-gcleaner exe Mimic MIX9.file


Bitsight
url: http://194.38.20.224/service

Intelligence


File Origin
# of uploads: 2
# of downloads: 146
Origin country: US
Vendor Threat Intelligence

Malware configuration found for: Archives
Details: extracted archive contents; an extracted 7-zip archive from the overlay data and SFX commands

Malware family: n/a
ID: 1
File name: _9b2a630e6d367fb9d1fe122c6dbc3859c65bde3e2a2a6be653a23d364911f1fa.exe
Verdict: Malicious activity
Analysis date: 2026-01-15 16:24:10 UTC
Tags: auto-reg everything tool auto generic smb ransomware
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 70%
Tags: injection

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context fingerprint installer installer keylogger masquerade microsoft_visual_cc obfuscated overlay overlay pay2key ransomware

Verdict: Malicious
File Type: exe x32
First seen: 2026-01-15T13:40:00Z UTC
Last seen: 2026-01-17T08:03:00Z UTC
Hits: ~10
Detections: Trojan-Ransom.Win32.Mimic.sb Trojan-Ransom.Win32.Agent.sb Trojan.Win32.Agent.sb Trojan.PowerShell.Cobalt.sb HEUR:Trojan-Ransom.Win32.Generic HEUR:HackTool.Win64.NoDefender.a BSS:HackTool.Win32.Yzon.a Trojan.PowerShell.Kriptik.sba

Malware family: Mimic Ransomware
Verdict: Malicious
Threat name: Win32.Ransomware.Pay2Key
Status: Suspicious
First seen: 2026-01-15 16:23:31 UTC
File Type: PE (Exe)
Extracted files: 14
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery execution upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Unpacked files
SHA256 hash: 0e733e347b0b6337923715e5b1cbf67d634943f2c04181cf7016d76c42e6732f
MD5 hash: f89081eafff0505205020e6315a2c5c5
SHA1 hash: 023f4c8de851000cedd27b33ad4aee6ca81e729d
Detections: INDICATOR_SUSPICIOUS_GENRansomware INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM INDICATOR_SUSPICIOUS_ClearWinLogs INDICATOR_SUSPICIOUS_USNDeleteJournal
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Mimic: Executable exe 9b2a630e6d367fb9d1fe122c6dbc3859c65bde3e2a2a6be653a23d364911f1fa (this sample)
Dropped by: Gcleaner
Delivery method: Distributed via web download

Comments