MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gamaredon


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3
SHA3-384 hash: 72e681072b8053585534348a64f5eea0538283930d5f0b75aaae7d84a90762b35a877398f7b5c409b2a8db9891ac794c
SHA1 hash: 87eba8b9ab8988d6969a41528cbdf04d4b79a67b
MD5 hash: 1ecf8888f6a7f128449d8d008e142dc4
humanhash: maryland-table-equal-zulu
File name:journal.pdf
Download: download sample
Signature Gamaredon
Create hunting rule
File size:193'512 bytes
First seen:2025-11-23 15:51:08 UTC
Last seen:Never
File type: pdf
MIME type:text/html
ssdeep 3072:wibzj5goRfSUPjNf2AoR63n/+M3LV4HTdUDWTmMP4xP2IIoOX:wibf5gofScRAR6XGKCHTdUDtMPqPyR
TLSH T1D8149E2A5E8931288BBA534296DE3C8567D2234A7A734C8EB40DD0CDC5FB5E4E6CD07D
Magika vba
Reporter M128BitOff
Tags:apt gamaredon pdf pteranodon


Avatar
M128BitOff
This malware sample was downloaded from Gamaredons Payload Delivery Infrastructure in the following analysis:
https://blog.synapticsystems.de/inside-gamaredon-2025-zero-click-espionage-at-scale/

Intelligence

File Origin
# of uploads :
1
# of downloads :
22
Origin country :
FR FR
Vendor Threat Intelligence
Gathering data
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3
Result
Gathering data
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3
Verdict:
Malware
YARA:
3 match(es)
Tags:
adodb.stream Base64 Block Contains Base64 Block Html msxml2.domdocument.3.0 msxml2.xmlhttp Scripting.FileSystemObject vbscript.regexp WScript.Shell
Link:
https://app.malva.re/file/1ecf8888f6a7f128449d8d008e142dc4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3/
Threat name:
Script-WScript.Trojan.Gamaredon
Create hunting rule
Status:
Malicious
First seen:
2025-11-18 01:58:22 UTC
File Type:
Text (HTML)
Extracted files:
1
AV detection:
9 of 36 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tmkngz6jtn6zdb5fqqdk2pvvlyw64evuwk6dih4qlddcfn5yp6rq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gamaredon

pdf 9b14d367c99b7d9187a58406ad3eb55e2dee12b4b2bc341f9058c622b7b87fa3

(this sample)

  
Link
https://blog.synapticsystems.de/inside-gamaredon-2025-zero-click-espionage-at-scale/
  
Delivery method
Distributed via web download

Comments