MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e
SHA3-384 hash:	de9301cbede44fe34a154e6c41e7a57887ff53893231996571d48ea46982f2474751776fd63b928b8f31486adaffdbef
SHA1 hash:	168aa45e4b2c51d25a956f55a03c1cbf48cc9570
MD5 hash:	2619c10e7d4154b9976861843142fc5e
humanhash:	high-wyoming-nuts-stairway
File name:	file
Download:	download sample
Signature	Mimic Alert Create hunting rule
File size:	2'336'241 bytes
First seen:	2026-01-15 09:40:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f6baa5eaa8231d4fe8e922a2e6d240ea (61 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep	49152:DgwR70pmXor4QlvGN4RwAqul5DQVGGiqabZnP8QQCxGuh:DgwRILrNFGyxfQ23bZncCx/h
Threatray	1'176 similar samples on MalwareBazaar
TLSH	T1B4B53322B3C2C5B1E1C8127049D7A7AB85FCE7515B1801D39B9E4E063EBE5C2E67D386
TrID	38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 24.6% (.EXE) Win64 Executable (generic) (10522/11/4) 11.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 10.5% (.EXE) Win32 Executable (generic) (4504/4/1) 4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	Bitsight
Tags:	a dropped-by-gcleaner exe Mimic MIX9.file

Bitsight

url: http://194.38.20.224/service

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

172

Origin country :

US

Vendor Threat Intelligence

ACCE 7zip_SFX

Malware configuration found for:

Archives

Details

Archives

extracted archive contents

Archives

an extracted 7-zip archive from the overlay data and SFX commands

Link:

https://research.acce.ciphertechsolutions.com/results/2dd1733a-eead-4e4c-a9c6-196c2b3c0085/

ANY.RUN Malicious

Malware family:

n/a

ID:

1

File name:

file

Verdict:

Malicious activity

Analysis date:

2026-01-15 09:41:25 UTC

Tags:

auto-reg everything tool auto generic smb ransomware

Link:

https://app.any.run/tasks/a34a2da0-4a73-472d-8a4c-e36554520ea2

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

CAPE Sandbox

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/48978/

CyberFortress Malicious

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6968b64c57243ef151cd44e7

Tags:

injection

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

adaptive-context fingerprint installer installer keylogger microsoft_visual_cc overlay overlay

Link:

https://www.filescan.io/uploads/6968b6473827c9e1249f74bb/reports/9cbf722b-359e-4dbb-bdec-cd4724f3d0b7/overview

Hybrid Analysis Malware_51.5

Verdict:

Malicious

Labled as:

Malware_51.5

Link:

https://www.hybrid-analysis.com/sample/ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-01-15T06:45:00Z UTC

Last seen:

2026-01-15T07:35:00Z UTC

Hits:

~10

Detections:

HEUR:HackTool.Win64.NoDefender.a BSS:HackTool.Win32.Yzon.a Trojan-Ransom.Win32.Mimic.sb Trojan-Ransom.Win32.Encoder.sb Trojan-Ransom.Win32.Agent.sb Trojan.Win32.Agent.sb Trojan.PowerShell.Cobalt.sb HEUR:Trojan-Ransom.Win32.Generic Trojan.PowerShell.Kriptik.sba

Link:

https://opentip.kaspersky.com/ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e/results?tab=lookup

Intezer Malicious

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8bada889-32a2-49b1-b0e7-391d91b2889d

Nucleon Malprob Malware

Score:

86%

Verdict:

Malware

File Type:

PE

Link:

https://malprob.io/report/ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

Malva.RE

Gathering data

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e/

Neiki Trojan-Ransom.Win32.Mimic

Verdict:

Malicious

Threat:

Trojan-Ransom.Win32.Mimic

Link:

https://tip.neiki.dev/file/ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

ReversingLabs TitaniumCloud Win32.Ransomware.Pay2Key

Threat name:

Win32.Ransomware.Pay2Key

Alert

Create hunting rule

Status:

Suspicious

First seen:

2026-01-15 09:41:30 UTC

File Type:

PE (Exe)

Extracted files:

9

AV detection:

15 of 24 (62.50%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vola4yvucgwal7cvcn5h7qgwkm2hytbyvuqssood42trsnzkpmxa._file

Threatray hacktool_defendernot

Verdict:

malicious

Label(s):

hacktool_defendernot

Alert

Create hunting rule

Similar samples:

0ff90e51f04083e8bb34bb7a414a9b28a5e0264e152ac086e64b548e5a771956

Mimic

518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742

Mimic

821bbbfb7c8f4b3eaae16abd0dd1a868c7d39225f56b62013b1a563316460349

Mimic

a9c42f11e75c3525d8d0f3f036c2f603e60fe102fc68b8f22a8b4c81779652a2

Mimic

ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

Mimic

c2c68123486badda33b199b00beb3c098a067469593a371fdd54f2b6a2b03814

Mimic

dd997344dce3d994e5699152d72ac88184929de709b0a9426f8570c8225627fb

Mimic

error

Mimic

fce5f95d9a8d8a4003af3fd63365d5f3a7746536d054d290534674fa8ef4b844

Mimic

+ 1'166 additional samples on MalwareBazaar

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

discovery execution upx

Link:

https://tria.ge/reports/260115-lnz9eaat4b/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

UPX packed file

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Executes dropped EXE

Threat.Zone Malicious

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/46a246d4-6909-4364-b9d1-cec0a06ca101

UnpacMe INDICATOR_SUSPICIOUS_GENRansomware INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM INDICATOR_SUSPICIOUS_ClearWinLogs INDICATOR_SUSPICIOUS_USNDeleteJournal

Unpacked files

SH256 hash:

ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

MD5 hash:

2619c10e7d4154b9976861843142fc5e

SHA1 hash:

168aa45e4b2c51d25a956f55a03c1cbf48cc9570

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

e37aa72bca3cecb9bdbe51cbd81ec1143bb17163088a1379a4ccb93f5d881e76

MD5 hash:

5cac4fe734fc8454ccb847e030beee38

SHA1 hash:

34298fe220e35f614b2c837cf1dc2604ab0882d6

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

ad80064f71d273967dcf0b14b9cd6e84d79a132231d619687d9266c7807bdfe0

MD5 hash:

a35ee23aaab26afc575ac83df9572b57

SHA1 hash:

81ea38c694ce9702faddfb961f17c1bbf628a76d

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

00b9c0120df0595184523a3620ef9b3c3e11fc0e61d366d7eeabb646647cfceb

MD5 hash:

bd1f243ee2140f2f6118a7754ea02a63

SHA1 hash:

cdf7dd7dd1771edcc473037af80afd7e449e30d9

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

0377585ec50ed2e1b3d8519be272599f31024accd20b484ddae8240e09cc83b4

MD5 hash:

13d3997b43c3d5cbafb0ff10b6f0dee1

SHA1 hash:

e650a76f3fa8d28e2ff3751ccf44d124ef2b82bd

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

b339f9ab1e6796dcc05791b3548b878c5d2949286bba1c0951a9d0d996596b3e

MD5 hash:

9cd8f0df073e5e1da100d4b01f783cd4

SHA1 hash:

4a41336a66d5bb540ebbf11a778332db5966870c

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

f3ee7f728de7b7a42ffc4714962559ae7f8b531d29e46fb7f462cae8db5c7b4e

MD5 hash:

fa675f6f27fb845bfd13346ffcf5fa82

SHA1 hash:

c80eb85291743296f2e6e33433d5848a0624ad56

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

41104e51c911f397139bd2335fcb1ecab00f8de7971c0daad4e474c492aff603

MD5 hash:

4e89c2d7855dbf3afa23a204f629b220

SHA1 hash:

ac5934eea95c733026cc83011ff6728bf9f0ca42

Detections:

INDICATOR_SUSPICIOUS_GENRansomware

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_ClearWinLogs

Alert

Create hunting rule

INDICATOR_SUSPICIOUS_USNDeleteJournal

Alert

Create hunting rule

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

2da9ee642514e6a0d82154cad2a84702a39eb301a58547f070713bc9bd53af7c

MD5 hash:

79fe9ca11cf3d2dab35c28b55ba58544

SHA1 hash:

69c9af4fef3eec73505333e9300faaa37789a587

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

d28ae16de91b0eef0d020e5395b41451ef81ffb90d05e95895d802204436cb5e

MD5 hash:

21a27bfcda8d1c25ce15de35f1e2ba6f

SHA1 hash:

5e0eb80efdf4bd570c43547beb2054458e2460d0

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

be00508be7f9d50bcb06881490a85dc4f470430e24775f773df97edfb420664b

MD5 hash:

0a281303cf7170d4e9643f5986eec308

SHA1 hash:

ba77c793ec165b4fae883719f47734e1ba0d4976

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

49f23f83807913b84917cfdb800ac04d905fdc844f4b41b6aaf894506864355b

MD5 hash:

0faecd43382ab6f35d8b2be61939377e

SHA1 hash:

c6295657d52bc5dc16fa2542be23dac7948fa400

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

SH256 hash:

f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c

MD5 hash:

52b7073101ce2f83c85ed698f1ee0445

SHA1 hash:

cd2f016c79de7d4bf20d1366cc9483b610b4ffc2

Link:

https://www.unpac.me/results/2a4a7cd0-9f93-4c62-8b64-f15d3c87bcdb/

VMRay Mimic

Malware family:

Mimic

Alert

Create hunting rule

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ab960e62b411/report/overview.html

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

File information

---

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mimic

exe ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e

(this sample)

  

Dropped by

Gcleaner

  

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/48978/