MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 107f3d1fe28b67397d21a6acca5b6b35def1aeb62a67bc10109bd73d567f9806. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 107f3d1fe28b67397d21a6acca5b6b35def1aeb62a67bc10109bd73d567f9806
SHA3-384 hash: 23d7d909e552e41f1a325dd5d3a2bc387f660c1ac2665a351d1f8821a15aae1ae8c5a65e26efbb7d44ba4e87f4816a47
SHA1 hash: f77dba76010a9988c9ceb8e420c96aebc071b889
MD5 hash: df9cfd04d8cda6df8f7263af54f9e5b1
humanhash: lion-network-summer-summer
File name: 107f3d1fe28b67397d21a6acca5b6b35def1aeb62a67bc10109bd73d567f9806.rar
File size: 3'631'539 bytes
First seen: 2025-08-13 10:18:06 UTC
Last seen: 2025-08-19 14:57:24 UTC
File type: rar
MIME type: application/x-rar
ssdeep 98304:ZlXjmLGuNplXjmLGuNUlXjmLGuNglXjmLGuNglXjmLGuNH:ZlXjmLtNplXjmLtNUlXjmLtNglXjmLtb
TLSH T120F51247B2A124BBE176913AC8734A46E7B574050A71EB8F0384535A7F237D6AD3EF20
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: smica83
Tags: CVE-2025-6218 rar RomCom

Intelligence


File Origin

Number of uploads: 2
Number of downloads: 84
Origin country: HU

File Archive Information

This file archive contains 22 file(s), sorted by their relevance:

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Document With Few Pages
Document contains between one and three pages of content. Most malicious documents are sparse in page count.

Verdict: inconclusive
YARA: 3 match(es)
Tags: PDF /OpenAction PDF Contains AutoAction Rar Archive

Verdict: Malicious
Threat: HEUR:Exploit.Multi.CVE-2025-6218

Threat name: Win64.Trojan.Egairtigado
Status: Malicious
First seen: 2025-07-19 18:25:51 UTC
File Type: Binary (Archive)
Extracted files: 38
AV detection: 22 of 38 (57.89%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: adware discovery link pdf spyware
Behaviour:
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: cobalt_strike_tmp01925d3f
Author: The DFIR Report
Description: files - file ~tmp01925d3f.exe
Reference: https://thedfirreport.com

Rule name: CP_AllMal_Detector
Author: DiegoAnalytics
Description: CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name: CVE_2025_8088_rar_ADS_traversal
Author: Travis Green <travis.green@corelight.com>
Description: Detects CVE-2025-8088 WinRAR NTFS ADS path traversal exploitation
Reference: https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: MALWARE_Win_RomCom_Loader
Author: ditekShen
Description: Hunt for RomCom loader

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.
