MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mimic


Vendor detections: 16


Intelligence 16 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326
SHA3-384 hash: c4ba4faf18b1c5033d5c830be450f4eee85220fa179d8059526e0ff33867d8ddb984df6db16dc5fdce33fd4cfe052e55
SHA1 hash: f24b759219eead7aa99adeceff8cbd4834a292ec
MD5 hash: 6aa345742f02a14a9c508419c7f08dba
humanhash: tennessee-nineteen-virginia-green
File name:file
Download: download sample
Signature Mimic
Create hunting rule
File size:2'343'255 bytes
First seen:2026-01-15 12:31:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f6baa5eaa8231d4fe8e922a2e6d240ea (66 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep 49152:EgwRvFs8pHZZqygAaByTlT+dSAOJoNQiTIhxExqFBo3LWXWM:EgwRtsiHZAy/aMTp4NQiaEY+WXWM
Threatray 56 similar samples on MalwareBazaar
TLSH T1D2B53341BFC74FF4F2A5A578160078827C7CFA741BE84ACFB39C44485AB52E1A6FA605
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon 34f0c4c2d2c4c4d4 (4 x Mimic, 1 x Pay2Key)
Reporter Bitsight
Tags:b dropped-by-gcleaner exe Mimic MIX9.file


Avatar
Bitsight
url: http://194.38.20.224/service

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
Archives
Details
Archives
extracted archive contents
Archives
an extracted 7-zip archive from the overlay data and SFX commands
Link:
https://research.acce.ciphertechsolutions.com/results/b7db0c58-2e9d-4788-8762-d647eeb7942a/
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2026-01-15 12:31:58 UTC
Tags:
everything tool auto-reg auto generic smb ransomware
Link:
https://app.any.run/tasks/21df94c8-a8d6-4294-981a-d18dcaa58269

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/48997/
Verdict:
Malicious
Score:
70.0%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6968de1d57243ef151cd4aec
Tags:
injection
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context fingerprint installer installer installer-heuristic keylogger masquerade microsoft_visual_cc obfuscated overlay overlay pay2key ransomware
Link:
https://www.filescan.io/uploads/6968de1afdafd7624aae2a22/reports/48a328fe-ee74-474b-94d6-2ac85744c565/overview
Verdict:
Malicious
Labled as:
Win/grayware_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-01-15T09:38:00Z UTC
Last seen:
2026-01-15T20:30:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Ransom.Win32.Generic Trojan.PowerShell.Kriptik.sba
Link:
https://opentip.kaspersky.com/c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326/results?tab=lookup
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/77d2e8bc-6413-4b6e-860b-f3144f49ed71
Score:
84%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326/
Verdict:
Malicious
Threat:
Trojan-Ransom.Win32
Link:
https://tip.neiki.dev/file/c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326
Threat name:
Win32.Ransomware.Pay2Key
Create hunting rule
Status:
Suspicious
First seen:
2026-01-15 12:32:29 UTC
File Type:
PE (Exe)
Extracted files:
14
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zgs6md6qetihvl4gubad5xekhufpl7hyxuzbnesxoqew63hkwmta._file
Verdict:
malicious
Label(s):
hacktool_defendernot
Create hunting rule
Similar samples:
0ff90e51f04083e8bb34bb7a414a9b28a5e0264e152ac086e64b548e5a771956
Mimic
2423f6e4b6f015042c4de4a4ad457629b7c4737ec19352abac9dd6136ba46d68
Mimic
279dbb1984d32a99caf4a0b82a1519e1bacabed43af723398c631a7d17352fe9
Mimic
3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199
Mimic
518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742
Mimic
9f6a696876fee8b811db8889bf4933262f4472ad41daea215d2e39bd537cf32f
Mimic
ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e
Mimic
error
Mimic
fce5f95d9a8d8a4003af3fd63365d5f3a7746536d054d290534674fa8ef4b844
Mimic
+ 46 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery execution upx
Link:
https://tria.ge/reports/260115-pp7xesfx7d/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/abd8cfc5-22f2-4145-92f0-75ef37ad7cf2
Unpacked files
SH256 hash:
c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326
MD5 hash:
6aa345742f02a14a9c508419c7f08dba
SHA1 hash:
f24b759219eead7aa99adeceff8cbd4834a292ec
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
e37aa72bca3cecb9bdbe51cbd81ec1143bb17163088a1379a4ccb93f5d881e76
MD5 hash:
5cac4fe734fc8454ccb847e030beee38
SHA1 hash:
34298fe220e35f614b2c837cf1dc2604ab0882d6
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
ad80064f71d273967dcf0b14b9cd6e84d79a132231d619687d9266c7807bdfe0
MD5 hash:
a35ee23aaab26afc575ac83df9572b57
SHA1 hash:
81ea38c694ce9702faddfb961f17c1bbf628a76d
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
00b9c0120df0595184523a3620ef9b3c3e11fc0e61d366d7eeabb646647cfceb
MD5 hash:
bd1f243ee2140f2f6118a7754ea02a63
SHA1 hash:
cdf7dd7dd1771edcc473037af80afd7e449e30d9
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
0377585ec50ed2e1b3d8519be272599f31024accd20b484ddae8240e09cc83b4
MD5 hash:
13d3997b43c3d5cbafb0ff10b6f0dee1
SHA1 hash:
e650a76f3fa8d28e2ff3751ccf44d124ef2b82bd
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
edfdd9a1567da779d8d481121f5f1b439106db54e9ad16dc5bb46486aa3a6c04
MD5 hash:
169df14926128c8c534d8485ae41285a
SHA1 hash:
0bc1b7f9bc4d7fb45619c1ffd1a2de4c0f9d263a
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
c5d1d1c4a53f057b790ee493c8b4b5d0be374f01368e24bb1b90550901ceac9f
MD5 hash:
027c49f0c54597f8f1e0806e94cd8568
SHA1 hash:
15784b9bc20adf174f5e81d248f8f0144496894c
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
e07d6c1d67c0660797aedea94432243c1d6d31c04223a691d3c740caf0555336
MD5 hash:
7e04cabe0211e35c276d3a58b141a143
SHA1 hash:
33e3ca0820210cf5707001716d09be229d156193
Detections:
INDICATOR_SUSPICIOUS_GENRansomware
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM
Create hunting rule
INDICATOR_SUSPICIOUS_ClearWinLogs
Create hunting rule
INDICATOR_SUSPICIOUS_USNDeleteJournal
Create hunting rule
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
c295a3c20e18427a1e441793d60aaa2746cc0918b26fa675d0941a2c8e0fa25f
MD5 hash:
cb9d75d98fcd816d3da2a916bf1c0ac7
SHA1 hash:
4d4ad27d29d9781b6b98b8cad9cfa9c324db3ebf
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
e6af602bbb31c6463ec275c0f41a7d1e04b548cb8e452b4930861421c9eb7e0f
MD5 hash:
7d6e8aee49b2e94bd4db30b62bd07274
SHA1 hash:
cfa84deb6099dd0b646acd21e33db86c64eeb255
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
58ad69eb1564419b042596cd1a86b5a029a59efd2909fc1682424d8c0ad88700
MD5 hash:
8b2ee483ff7e4170f8f95aef84d8bac7
SHA1 hash:
83921af9225ee5d8ada94dba6bda6d43a25e8ece
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
49f23f83807913b84917cfdb800ac04d905fdc844f4b41b6aaf894506864355b
MD5 hash:
0faecd43382ab6f35d8b2be61939377e
SHA1 hash:
c6295657d52bc5dc16fa2542be23dac7948fa400
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
SH256 hash:
f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c
MD5 hash:
52b7073101ce2f83c85ed698f1ee0445
SHA1 hash:
cd2f016c79de7d4bf20d1366cc9483b610b4ffc2
Link:
https://www.unpac.me/results/79ce5d34-c357-4eaf-8a79-3c4fb8115d3b/
Malware family:
Mimic
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/c9a5e60fd024/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mimic

Executable exe c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326

(this sample)

  
Dropped by
Gcleaner
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/48997/

Comments