MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26d244cf283dfef6f3bf966a471716ad100343c58a4db36a06c234b5c5920f74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA 3 File information Comments

SHA256 hash:	26d244cf283dfef6f3bf966a471716ad100343c58a4db36a06c234b5c5920f74
SHA3-384 hash:	21cc7daf1904d46fb3041f94f2745c9fb68412b3a3119b350730643c0b605591a3ea84973f14d0c5fc75d103b58ae628
SHA1 hash:	a279a2fd3f11978ce197e453215267d403e3a317
MD5 hash:	275ac9b31d0fa0c1a7c41b92c33c693a
humanhash:	illinois-hawaii-minnesota-jersey
File name:	5_11_1_1055_03.02.2026.rar
Download:	download sample
File size:	61'390 bytes
First seen:	2026-02-03 13:42:03 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	1536:qybBDTpEz/tb8S7qG0BLc5TNn8/ZJiuOBeybLYG2h:1fpEzh8S7qGCo5Jn8ZJcDih
TLSH	T1A353D0721459DC6481666038B1D87E29B460F6EE6CEE630214A1E831FFEFA87213DDC3
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	smica83
Tags:	CVE-2025-8088 rar UKR

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	Лист_5_11_1_1055_03.02.2026.pdf:.._.._.._.._.._.._AppData_Roaming_Microsoft_Windows_Start Menu_Programs_Startup_.._.._Programs_Startup_5_11_1_1055_03.02.2026.HTA
File size:	11'100 bytes
SHA256 hash:	1ff2d8f8b7f2cbdb6dc1289158723307763501ef0edd9f67a4790b8f447462ac
MD5 hash:	49eae3d2ad1ee02b9db9e0494d83cc43
MIME type:	text/html

File name:	Лист_5_11_1_1055_03.02.2026.pdf
File size:	1'316 bytes
SHA256 hash:	c8c0a95e0568dec752ba0d26ee554c1510a6298a07b8ce97c0ca05ca04969cb8
MD5 hash:	3e677524e1e23a578f40888f130f8936
MIME type:	text/plain

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/60309292-588c-4d81-8893-8a0b172040e7/

Detection(s):

TwinWave.EvilRAR.GhettoSuperstream.20241120.UNOFFICIAL

TwinWave.EvilRAR.HongKongGarden_CVE-2025-8088.20250812.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6981fb4687f81e55ffeeee98

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6981fb45930564ff3c86d8c4/reports/e168ad03-a932-447d-9395-bf12959d5126/overview

Verdict:

Malicious

Labled as:

CVE-2025-8088

Link:

https://www.hybrid-analysis.com/sample/26d244cf283dfef6f3bf966a471716ad100343c58a4db36a06c234b5c5920f74

Verdict:

Malicious

File Type:

rar

Link:

https://opentip.kaspersky.com/26d244cf283dfef6f3bf966a471716ad100343c58a4db36a06c234b5c5920f74/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/26d244cf283dfef6f3bf966a471716ad100343c58a4db36a06c234b5c5920f74/

Threat name:

Binary.Exploit.CVE-2025-8088

Status:

Malicious

First seen:

2026-02-03 16:15:46 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

2 of 36 (5.56%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=e3jejtzihx7pn457szveofywvuiagq6frjg3g2qgyi2llrmsb52a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

adware discovery spyware

Link:

https://tria.ge/reports/260203-vhmkssas9h/

Behaviour

Checks processor information in registry

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/26d244cf283dfef6f3bf966a471716ad100343c58a4db36a06c234b5c5920f74

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	SUSP_RAR_NTFS_ADS Create hunting rule
Author:	Proofpoint
Description:	Detects RAR archive with NTFS alternate data stream
Reference:	https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name:	WinRAR_CVE_2025_8088_Exploit Create hunting rule
Author:	marcin@ulikowski.pl
Description:	Detects RAR archives exploiting CVE-2025-8088 in WinRAR
Reference:	https://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample