MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gamaredon


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6
SHA3-384 hash: d4d1dc3534efec126e3375b405c95485f7ce98dac7c05e29168540bdea4b47b6eb5059c7938aadf4a8fcd9623523486d
SHA1 hash: eb2c18ca27cf1395a5c7eb174c5064357c9106bb
MD5 hash: 8f235f4138a3362a67caee9ff82a4fc4
humanhash: wyoming-december-maine-friend
File name:dropped.ps
Download: download sample
Signature Gamaredon
Create hunting rule
File size:93'630 bytes
First seen:2025-11-23 15:47:22 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 1536:4Khmo2ewfPpcf1JltcSk5rRKspUiUd9lGneYeOKVq8j1SKg553NqgXh886jh67wG:ElpWJlIaZlGnrGI8j1s553NOh67n
TLSH T17D933B17F80312E4971A7293C2C7228BDEE4C4757A361491F13598AB251BC79EB8FA3D
Magika vba
Reporter M128BitOff
Tags:apt dropper gamaredon powershell ps1


Avatar
M128BitOff
This malware sample was downloaded from Gamaredons Payload Delivery Infrastructure in the following analysis:
https://blog.synapticsystems.de/inside-gamaredon-2025-zero-click-espionage-at-scale/

Intelligence

File Origin
# of uploads :
1
# of downloads :
26
Origin country :
FR FR
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69233506a59c70c97d6a07c0
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive masquerade obfuscated
Link:
https://www.filescan.io/uploads/692334feeecb08e4aa45e934/reports/1bb1e90d-47c9-4fb5-ae24-9aa88579f8e0/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6
Result
Gathering data
Score:
96%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6
Verdict:
Malware
YARA:
1 match(es)
Tags:
adodb.stream msxml2.domdocument.3.0 msxml2.xmlhttp Scripting.FileSystemObject VBScript vbscript.regexp WScript.Shell
Link:
https://app.malva.re/file/8f235f4138a3362a67caee9ff82a4fc4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6/
Verdict:
Malicious
Threat:
Trojan-Downloader.VBS.SLoad
Link:
https://tip.neiki.dev/file/7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6
Threat name:
Script-WScript.Trojan.Gamaredon
Create hunting rule
Status:
Malicious
First seen:
2025-11-23 16:23:25 UTC
File Type:
Text (VBS)
AV detection:
1 of 36 (2.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p5dhbbbuhstzq2qyqeedsda54peyxmqr4mcmys6haajfyhvesx3a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Link:
https://tria.ge/reports/251123-tvzkfsylhx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gamaredon

HTML Application (hta) hta 9fc2a247313b078d795419b7d1c7c0cd907a103a4c64ebab6c96ddb7b958d230

Gamaredon

PowerShell (PS) ps1 7f467084343ca7986a188108390c1de3c98bb211e304cc4bc700125c1ea495f6

(this sample)

  
Dropped by
SHA256 9fc2a247313b078d795419b7d1c7c0cd907a103a4c64ebab6c96ddb7b958d230
  
Delivery method
Distributed via web download
  
Dropped by
MD5 f9e49180954587bea9a0049f69ff5aa3

Comments