MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mimic


Vendor detections: 16


Intelligence 16 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa
SHA3-384 hash: 31360e1886866fbc44e0108b3123d60970e936c7959326f92f6f13c44068d5f147759f72bdb649913045910543f2daaf
SHA1 hash: 1cdd5fc3cc7415ae1a50bb4a78585ea47022828b
MD5 hash: f9b3cf4d2330c8055e85dfb5f661a8b5
humanhash: enemy-vermont-south-ten
File name:file
Download: download sample
Signature Mimic
Create hunting rule
File size:2'354'344 bytes
First seen:2026-01-15 14:20:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f6baa5eaa8231d4fe8e922a2e6d240ea (61 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep 49152:IgwRxQ1ruLWnUsES7BA5rwKN8FQr0WD1Y729:IgwRxQsLAb2G+06a29
Threatray 1'132 similar samples on MalwareBazaar
TLSH T193B53300B6BDA4B5F51D6EB059DA5B03A8A4EEAC073015CF9A057D43DA3F5D3C23A287
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter Bitsight
Tags:dropped-by-gcleaner exe f Mimic MIX9.file


Avatar
Bitsight
url: http://194.38.20.224/service

Intelligence

File Origin
# of uploads :
1
# of downloads :
146
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
Archives
Details
Archives
extracted archive contents
Archives
an extracted 7-zip archive from the overlay data and SFX commands
Link:
https://research.acce.ciphertechsolutions.com/results/e193aab5-5b9d-4342-af4c-1abcba3403f6/
Malware family:
n/a
ID:
1
File name:
_dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa.exe
Verdict:
Malicious activity
Analysis date:
2026-01-15 14:21:40 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1daf5f19-2b38-4a53-91ab-e9b9d0a7160d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/49009/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6968f7c257243ef151cd564d
Tags:
injection shell sage
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context fingerprint installer installer keylogger masquerade microsoft_visual_cc obfuscated overlay overlay
Link:
https://www.filescan.io/uploads/6968f7b52ea17ed8995166fb/reports/f86086c5-9758-4dd6-8496-10be6f54fc43/overview
Verdict:
Malicious
Labled as:
Win/grayware_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-01-15T11:31:00Z UTC
Last seen:
2026-01-17T08:03:00Z UTC
Hits:
~10
Detections:
HEUR:HackTool.Win64.NoDefender.a HEUR:HackTool.PowerShell.InvokeObfuscation.gen Trojan.PowerShell.Kriptik.sba BSS:HackTool.Win32.Yzon.a Trojan.PowerShell.Cobalt.sb HEUR:Trojan-Ransom.Win32.Generic HEUR:Trojan.PowerShell.Generic
Link:
https://opentip.kaspersky.com/dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa/results?tab=lookup
Malware family:
SalatStealer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/277a126e-b6c7-4e7c-8d32-65c14ed610ca
Score:
78%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa/
Verdict:
Malicious
Threat:
HackTool.PowerShell.Yzon
Link:
https://tip.neiki.dev/file/dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa
Threat name:
Win32.Ransomware.Pay2Key
Create hunting rule
Status:
Suspicious
First seen:
2026-01-15 14:21:30 UTC
File Type:
PE (Exe)
Extracted files:
15
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=33obb2rmiyekkawhu3kt4imw2por3piqxxirrvs6pkg7fgln36va._file
Verdict:
malicious
Label(s):
hacktool_defendernot
Create hunting rule
Similar samples:
3cd2ca1a45a96733269d60397d84b451e4b4f0b7f7cdc3c152bf9e88db773199
Mimic
518e83f226c9a0ab4bfd27b3561331da201041c1c88c38e17b0dcdb4c8a7b742
Mimic
5adec34dbd4c68769ffa5abdb7c0424b5cdf56a4f925e8b87c53cf4a5294afe6
Mimic
ab960e62b411ac05fc55137a7fc0d653347c4c38ad212939c3e6a719372a7b2e
Mimic
c9a5e60fd024d07aaf86a0403edc8a3d0af5fcf8bd3216925774096f6ceab326
Mimic
dd997344dce3d994e5699152d72ac88184929de709b0a9426f8570c8225627fb
Mimic
e1a3e3e0cc2e8b9476504c920ee20c9e50ef9f3270d7c4562da774dd9c990c58
Mimic
error
Mimic
fce5f95d9a8d8a4003af3fd63365d5f3a7746536d054d290534674fa8ef4b844
Mimic
+ 1'122 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery execution upx
Link:
https://tria.ge/reports/260115-rnq9dscw5e/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/149ce9f4-1f1a-40fe-a42f-c82600e728ba
Unpacked files
SH256 hash:
dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa
MD5 hash:
f9b3cf4d2330c8055e85dfb5f661a8b5
SHA1 hash:
1cdd5fc3cc7415ae1a50bb4a78585ea47022828b
Link:
https://www.unpac.me/results/3a5d3f4b-67e6-407f-9730-2ca86564a5a0/
SH256 hash:
6c798ed52b4b47a41f68786430e35a7fdfa800640113a44c443642305833fed2
MD5 hash:
c508ea40523577da2ab3931b974e7bdf
SHA1 hash:
5385e0bcbda2055d66ee9030a02e99d1c6c02597
Link:
https://www.unpac.me/results/3a5d3f4b-67e6-407f-9730-2ca86564a5a0/
SH256 hash:
b6301160d2cceb9df1bb2d0548d65c31ecc38b694fa5efe67899935f19870fce
MD5 hash:
46857dedd8ea45006ec3ebff24739f8b
SHA1 hash:
47bd7d9f2eb13d178327769b964043887258390e
Link:
https://www.unpac.me/results/3a5d3f4b-67e6-407f-9730-2ca86564a5a0/
SH256 hash:
f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c
MD5 hash:
52b7073101ce2f83c85ed698f1ee0445
SHA1 hash:
cd2f016c79de7d4bf20d1366cc9483b610b4ffc2
Link:
https://www.unpac.me/results/3a5d3f4b-67e6-407f-9730-2ca86564a5a0/
Malware family:
Mimic
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/dedc10ea2c46/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mimic

Executable exe dedc10ea2c4608a502c7a6d53e2196d3dd1dbd10bdd118d65e7a8df2996ddfaa

(this sample)

  
Dropped by
Gcleaner
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/49009/

Comments