MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mimic


Vendor detections: 16



SHA256 hash: ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e
SHA3-384 hash: de9301cbede44fe34a154e6c41e7a57887ff53893231996571d48ea46982f2474751776fd63b928b8f31486adaffdbef
SHA1 hash: 168aa45e4b2c51d25a956f55a03c1cbf48cc9570
MD5 hash: 2619c10e7d4154b9976861843142fc5e
humanhash: high-wyoming-nuts-stairway
File name: file
Signature: Mimic
File size: 2'336'241 bytes
First seen: 2026-01-15 09:40:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f6baa5eaa8231d4fe8e922a2e6d240ea (61 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep: 49152:DgwR70pmXor4QlvGN4RwAqul5DQVGGiqabZnP8QQCxGuh:DgwRILrNFGyxfQ23bZncCx/h
Threatray: 1'176 similar samples on MalwareBazaar
TLSH: T1B4B53322B3C2C5B1E1C8127049D7A7AB85FCE7515B1801D39B9E4E063EBE5C2E67D386
TrID:
  38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
  11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
  10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
  4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
Reporter: Bitsight
Tags: a dropped-by-gcleaner exe Mimic MIX9.file


Bitsight
url: http://194.38.20.224/service

Intelligence


File Origin
# of uploads: 1
# of downloads: 172
Origin country: US
Vendor Threat Intelligence
Malware configuration found for:
Archives / Details
Archives: extracted archive contents
Archives: an extracted 7-zip archive from the overlay data and SFX commands
Malware family: n/a
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2026-01-15 09:41:25 UTC
Tags: auto-reg everything tool auto generic smb ransomware

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 70%
Tags: injection

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: adaptive-context fingerprint installer installer keylogger microsoft_visual_cc overlay overlay

Verdict: Malicious
File Type: exe x32
First seen: 2026-01-15T06:45:00Z UTC
Last seen: 2026-01-15T07:35:00Z UTC
Hits: ~10
Detections: HEUR:HackTool.Win64.NoDefender.a BSS:HackTool.Win32.Yzon.a Trojan-Ransom.Win32.Mimic.sb Trojan-Ransom.Win32.Encoder.sb Trojan-Ransom.Win32.Agent.sb Trojan.Win32.Agent.sb Trojan.PowerShell.Cobalt.sb HEUR:Trojan-Ransom.Win32.Generic Trojan.PowerShell.Kriptik.sba
Verdict: Malicious
Threat: Trojan-Ransom.Win32.Mimic

Threat name: Win32.Ransomware.Pay2Key
Status: Suspicious

First seen: 2026-01-15 09:41:30 UTC
File Type: PE (Exe)
Extracted files: 9
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery execution upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Unpacked files

SHA256 hash: ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e
MD5 hash: 2619c10e7d4154b9976861843142fc5e
SHA1 hash: 168aa45e4b2c51d25a956f55a03c1cbf48cc9570

SHA256 hash: e37aa72bca3cecb9bdbe51cbd81ec1143bb17163088a1379a4ccb93f5d881e76
MD5 hash: 5cac4fe734fc8454ccb847e030beee38
SHA1 hash: 34298fe220e35f614b2c837cf1dc2604ab0882d6

SHA256 hash: ad80064f71d273967dcf0b14b9cd6e84d79a132231d619687d9266c7807bdfe0
MD5 hash: a35ee23aaab26afc575ac83df9572b57
SHA1 hash: 81ea38c694ce9702faddfb961f17c1bbf628a76d

SHA256 hash: 00b9c0120df0595184523a3620ef9b3c3e11fc0e61d366d7eeabb646647cfceb
MD5 hash: bd1f243ee2140f2f6118a7754ea02a63
SHA1 hash: cdf7dd7dd1771edcc473037af80afd7e449e30d9

SHA256 hash: 0377585ec50ed2e1b3d8519be272599f31024accd20b484ddae8240e09cc83b4
MD5 hash: 13d3997b43c3d5cbafb0ff10b6f0dee1
SHA1 hash: e650a76f3fa8d28e2ff3751ccf44d124ef2b82bd

SHA256 hash: b339f9ab1e6796dcc05791b3548b878c5d2949286bba1c0951a9d0d996596b3e
MD5 hash: 9cd8f0df073e5e1da100d4b01f783cd4
SHA1 hash: 4a41336a66d5bb540ebbf11a778332db5966870c

SHA256 hash: f3ee7f728de7b7a42ffc4714962559ae7f8b531d29e46fb7f462cae8db5c7b4e
MD5 hash: fa675f6f27fb845bfd13346ffcf5fa82
SHA1 hash: c80eb85291743296f2e6e33433d5848a0624ad56

SHA256 hash: 41104e51c911f397139bd2335fcb1ecab00f8de7971c0daad4e474c492aff603
MD5 hash: 4e89c2d7855dbf3afa23a204f629b220
SHA1 hash: ac5934eea95c733026cc83011ff6728bf9f0ca42
Detections: INDICATOR_SUSPICIOUS_GENRansomware INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM INDICATOR_SUSPICIOUS_ClearWinLogs INDICATOR_SUSPICIOUS_USNDeleteJournal

SHA256 hash: 2da9ee642514e6a0d82154cad2a84702a39eb301a58547f070713bc9bd53af7c
MD5 hash: 79fe9ca11cf3d2dab35c28b55ba58544
SHA1 hash: 69c9af4fef3eec73505333e9300faaa37789a587

SHA256 hash: d28ae16de91b0eef0d020e5395b41451ef81ffb90d05e95895d802204436cb5e
MD5 hash: 21a27bfcda8d1c25ce15de35f1e2ba6f
SHA1 hash: 5e0eb80efdf4bd570c43547beb2054458e2460d0

SHA256 hash: be00508be7f9d50bcb06881490a85dc4f470430e24775f773df97edfb420664b
MD5 hash: 0a281303cf7170d4e9643f5986eec308
SHA1 hash: ba77c793ec165b4fae883719f47734e1ba0d4976

SHA256 hash: 49f23f83807913b84917cfdb800ac04d905fdc844f4b41b6aaf894506864355b
MD5 hash: 0faecd43382ab6f35d8b2be61939377e
SHA1 hash: c6295657d52bc5dc16fa2542be23dac7948fa400

SHA256 hash: f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c
MD5 hash: 52b7073101ce2f83c85ed698f1ee0445
SHA1 hash: cd2f016c79de7d4bf20d1366cc9483b610b4ffc2
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
  Mimic: Executable exe ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e (this sample)
Dropped by: Gcleaner
Delivery method: Distributed via web download

Comments