MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c16be243e6def46a702a299f67c2a3924efdd32b94b29d23cb7e817b57d273c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: c16be243e6def46a702a299f67c2a3924efdd32b94b29d23cb7e817b57d273c7
SHA3-384 hash: 42ed3c0503d13044a8d5b0d1125b183c99921827a22a5824bb2defa7e6d12b8692b77afd7ebc1763d0daaa7659e79efd
SHA1 hash: d03a73bf8c931411e335f825323b9042a8ab7ec8
MD5 hash: d51c4ef2bb94bee5af9f2f9642dc189a
humanhash: pasta-leopard-stairway-low
File name: 333.rar
File size: 13'177'257 bytes
First seen: 2025-11-23 14:19:17 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 393216:3vNjPjeAL/p3UtUNpFp5ojTCgb4Sn9jhou5K:fxLeG6TCTSn9jhouc
TLSH T1ECD633AC6A3027ECEE3B73F5620D6476D483A4DE56BCCFD14792205BCC81A716371A4A
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter smica83
Tags: CVE-2025-6218 CVE-2025-8088 rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: HU
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name: T3.txt:.._.._.._.._AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Startup_drp.lnk
File size: 1'726 bytes
SHA256 hash: 610432bd46df2e04933e952de231a7084a61145d53ef1151cdda26b6c25da478
MD5 hash: 8ecfbbe8e48bb51bb378d14f65477123
MIME type: application/octet-stream

File name: 1.png
File size: 117'903 bytes
SHA256 hash: b44df77647bf5f8c8002d827bf57c2c7101bb3f07262a2c762c78edddad79b9f
MD5 hash: a5238bcb77594a2ab3de7c64550159a0
MIME type: image/png

File name: cfbb4970f90b419bb01adf2c7c198a86.jpg
File size: 105'189 bytes
SHA256 hash: f0cc5761922f441ca519ae6dc8176b24ca16a07b4a4069411573d3485291afc7
MD5 hash: 10323c22829a955f4f23a312e4330352
MIME type: image/jpeg

File name: T3.txt
File size: 34 bytes
SHA256 hash: 7f0a31dec193c4ddf4eda6b5bffc19a941438842d98764730b58dc4cba63a65d
MD5 hash: b1f64b1041b89372f22349e9de2ad6a8
MIME type: text/plain

File name: парфюм.psd
File size: 33'915'216 bytes
SHA256 hash: 983c184b50a0b281e385d8f671e9711fa094d4acc4fd8408873bb99bcdc67150
MD5 hash: 33c1ea8a7e04611a95ed119a5da73470
MIME type: image/vnd.adobe.photoshop

Vendor Threat Intelligence

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: masquerade

Verdict: Malicious
File Type: rar
First seen: 2025-11-22T09:40:00Z UTC
Last seen: 2025-11-23T00:47:00Z UTC
Hits: ~10

Verdict: inconclusive
YARA: 1 match(es)
Tags: Rar Archive

Threat name: Win32.Trojan.Etset
Status: Malicious
First seen: 2025-11-22 14:30:26 UTC
File Type: Binary (Archive)
Extracted files: 14
AV detection: 6 of 36 (16.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

Rule name: WinRAR_CVE_2025_8088_Exploit
Author: marcin@ulikowski.pl
Description: Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information


The table below shows additional information about this malware sample such as delivery method and external references.
